Impactpoint kernel-based-protection
Transcript

  • 1. The Kernel-based protection against physical attacks. Yasin SURER, Sr. Security Researcher
  • 2. ImpactPoint: founded in 2011 to provide software security and information security services. Headquartered in Istanbul, Turkey. Well-known security experts in the industry. Advanced services we provide include:
    • Application Security Testing
    • Source Code Review
    • Secure Software Development
    • Incident Response & Malware Analysis Lab
    • Penetration Testing
    • Training
  • 3. About Me: Yasin SURER, Sr. Security Researcher at ImpactPoint. Interested in high-level technical details of security; playing with the kernel. I like Unix-based systems. IT Security Instructor. yasin.surer@impactpoint.net
  • 4. Overview: Physical Memory Attacks and Forensics; Dumpers and Sniffers; How it works; Memory Protection against...; Architecture-Dependent; Conclusion?
  • 5. Physical Memory Attacks and Forensics: Random Access Memory (RAM) includes the data segment and the code segment; its layout is dependent on the operating system; it is live memory.
  • 6. Physical Memory Attacks and Forensics
  • 7. Physical Memory Attacks and Forensics
  • 8. Dumpers and Process Sniffers:
    • Running processes
    • Terminated processes
    • Passwords
    • Files
    • Connection data
    • Addresses
    • Etc.
  • 9. Dumpers and Process Sniffers
  • 10. Dumpers and Process Sniffers
  • 11. How it works? Hey, show me the... Oops!
  • 12. How it works ?
  • 13. How it works ?
  • 14. How it works ? DEMO
  • 15. Kernel-Based: Memory Protection against..
    • Data hiding
    • Anti-dumper
    • Encryption...
    • Out of space
    • Or wipe them all out
  • 16. Kernel-Based: Memory Protection against..
  • 17. Kernel-Based: Memory Protection against..
  • 18. Kernel-Based: Memory Protection against.. Kernel module, but reaction?
  • 19. Kernel-Based: Memory Protection against..
  • 20. Architecture-Dependent:
    • Stored... in free memory pages
    • Free page table
    • Revise? Offsets...
    • Well, space-range?
    • Yes! Revise the page!
    • Space size implementation
  • 21. Architecture - Dependent
  • 22. Architecture - Dependent
  • 23. Architecture - Dependent
  • 24. Conclusion: Digital Forensics <> Data Recovery?
  • 25. Solutions: Commercial solutions? info@impactpoint.net
  • 26. Thank you... Any questions?
