[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Full-Disclosure Digest, Vol 89, Issue 15 suspicion of rootkit (Alexandru Balan)
- To: phocean <0x90@xxxxxxxxxxx>
- Subject: Re: [Full-disclosure] Full-Disclosure Digest, Vol 89, Issue 15 suspicion of rootkit (Alexandru Balan)
- From: valdis.kletnieks@xxxxxx
- Date: Thu, 12 Jul 2012 13:11:14 -0400
On Thu, 12 Jul 2012 18:47:53 +0200, phocean said:
> - Volatility: anything has to sit somehow in the memory, so there is no
> way for it to escape from the analysis.
There's a number of attacks using the MTRR and IOMMU to cause the CPU to have a
different view of memory. It is indeed possible for something to be sitting in
memory but not be visible to *you* (while still being visible to something that
didn't expect it to be visible, and thus delivering an exploit).
Attachment:
pgpx5LmJ6GLba.pgp
Description: PGP signature
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- References:
- Re: [Full-disclosure] Full-Disclosure Digest, Vol 89, Issue 15 suspicion of rootkit (Alexandru Balan)
- Re: [Full-disclosure] Full-Disclosure Digest, Vol 89, Issue 15 suspicion of rootkit (Alexandru Balan)
- Re: [Full-disclosure] Full-Disclosure Digest, Vol 89, Issue 15 suspicion of rootkit (Alexandru Balan)
- From: Григорий Братислава
- Re: [Full-disclosure] Full-Disclosure Digest, Vol 89, Issue 15 suspicion of rootkit (Alexandru Balan)
- Re: [Full-disclosure] Full-Disclosure Digest, Vol 89, Issue 15 suspicion of rootkit (Alexandru Balan)
- Re: [Full-disclosure] Full-Disclosure Digest, Vol 89, Issue 15 suspicion of rootkit (Alexandru Balan)
- From: Григорий Братислава
- Re: [Full-disclosure] Full-Disclosure Digest, Vol 89, Issue 15 suspicion of rootkit (Alexandru Balan)