|
Blue Pill (software)
Blue Pill is the codename for a rootkit based on x86 virtualization. Blue Pill originally required AMD-V (Pacifica) virtualization support, but was later ported to support Intel VT-x (Vanderpool) as well. It was designed by Joanna Rutkowska and originally demonstrated at the Black Hat Briefings on August 3, 2006, with a reference implementation for the Microsoft Windows Vista kernel. The name is a reference to the red pill and blue pill concept from the 1999 film '' The Matrix''. Overview The Blue Pill concept is to trap a running instance of the operating system by starting a thin hypervisor and virtualizing the rest of the machine under it. The previous operating system would still maintain its existing references to all devices and files, but nearly anything, including hardware interrupts, requests for data and even the system time could be intercepted (and a fake response sent) by the hypervisor. The original concept of Blue Pill was published by another researcher at IE ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Rootkit
A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or an area of its software that is not otherwise allowed (for example, to an unauthorized user) and often masks its existence or the existence of other software. The term ''rootkit'' is a compound of "root" (the traditional name of the privileged account on Unix-like operating systems) and the word "kit" (which refers to the software components that implement the tool). The term "rootkit" has negative connotations through its association with malware. Rootkit installation can be automated, or an attacker can install it after having obtained root or administrator access. Obtaining this access is a result of direct attack on a system, i.e. exploiting a vulnerability (such as privilege escalation) or a password (obtained by cracking or social engineering tactics like "phishing"). Once installed, it becomes possible to hide the intrusion as well as to maintain privileged ac ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
X86 Virtualization
x86 virtualization is the use of hardware-assisted virtualization capabilities on an x86/x86-64 CPU. In the late 1990s x86 virtualization was achieved by complex software techniques, necessary to compensate for the processor's lack of hardware-assisted virtualization capabilities while attaining reasonable performance. In 2005 and 2006, both Intel ( VT-x) and AMD (AMD-V) introduced limited hardware virtualization support that allowed simpler virtualization software but offered very few speed benefits. Greater hardware support, which allowed substantial speed improvements, came with later processor models. Software-based virtualization The following discussion focuses only on virtualization of the x86 architecture protected mode. In protected mode the operating system kernel runs at a higher privilege such as ring 0, and applications at a lower privilege such as ring 3. In software-based virtualization, a host OS has direct access to hardware while the guest OSs have limited a ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
AMD-V
x86 virtualization is the use of hardware-assisted virtualization capabilities on an x86/x86-64 CPU. In the late 1990s x86 virtualization was achieved by complex software techniques, necessary to compensate for the processor's lack of hardware-assisted virtualization capabilities while attaining reasonable performance. In 2005 and 2006, both Intel ( VT-x) and AMD ( AMD-V) introduced limited hardware virtualization support that allowed simpler virtualization software but offered very few speed benefits. Greater hardware support, which allowed substantial speed improvements, came with later processor models. Software-based virtualization The following discussion focuses only on virtualization of the x86 architecture protected mode. In protected mode the operating system kernel runs at a higher privilege such as ring 0, and applications at a lower privilege such as ring 3. In software-based virtualization, a host OS has direct access to hardware while the guest OSs have limite ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Intel VT-x
x86 virtualization is the use of hardware-assisted virtualization capabilities on an x86/x86-64 CPU. In the late 1990s x86 virtualization was achieved by complex software techniques, necessary to compensate for the processor's lack of hardware-assisted virtualization capabilities while attaining reasonable performance. In 2005 and 2006, both Intel ( VT-x) and AMD (AMD-V) introduced limited hardware virtualization support that allowed simpler virtualization software but offered very few speed benefits. Greater hardware support, which allowed substantial speed improvements, came with later processor models. Software-based virtualization The following discussion focuses only on virtualization of the x86 architecture protected mode. In protected mode the operating system kernel runs at a higher privilege such as ring 0, and applications at a lower privilege such as ring 3. In software-based virtualization, a host OS has direct access to hardware while the guest OSs have limited ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Joanna Rutkowska
Joanna Rutkowska (born 1981 in Warsaw) is a Polish computer security researcher, primarily known for her research on low-level security and stealth malware, and as founder of the Qubes OS security-focused desktop operating system. She became known in the security community after the Black Hat Briefings conference in Las Vegas in August 2006, where Rutkowska presented an attack against Vista kernel protection mechanism, and also a technique dubbed Blue Pill, that used hardware virtualization to move a running OS into a virtual machine. Subsequently, she has been named one of ''Five Hackers who Put a Mark on 2006'' by eWeek Magazine for her research on the topic. The original concept of Blue Pill was published by another researcher at IEEE Oakland in May 2006 under the name VMBR. During the following years, Rutkowska continued to focus on low-level security. In 2007 she demonstrated that certain types of hardware-based memory acquisition (e.g. FireWire based) are unreliable ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Black Hat Briefings
Black Hat Briefings (commonly referred to as Black Hat) is a computer security conference that provides security consulting, training, and briefings to hackers, corporations, and government agencies around the world. Black Hat brings together a variety of people interested in information security ranging from non-technical individuals, executives, hackers, and security professionals. The conference takes place regularly in Las Vegas, Barcelona, London and Riyadh. The conference has also been hosted in Amsterdam, Tokyo, and Washington, D.C. in the past. History The first Black Hat was held July 7-10, 1997 in Las Vegas, immediately prior to DEF CON 5. The conference was aimed at the computer industry, promising to give them privileged insight into the minds and motivations of their hacker adversaries. Its organizers stated: "While many conferences focus on information and network security, only the Black Hat Briefings will put your engineers and software programmers face-to-face ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Microsoft Windows Vista
Windows Vista is a major release of the Windows NT operating system developed by Microsoft. It was the direct successor to Windows XP, which was released five years before, at the time being the longest time span between successive releases of Microsoft Windows desktop operating systems. Development was completed on November 8, 2006, and over the following three months, it was released in stages to computer hardware and software manufacturers, business customers and retail channels. On January 30, 2007, it was released internationally and was made available for purchase and download from the Windows Marketplace; it is the first release of Windows to be made available through a digital distribution platform. New features of Windows Vista include an updated graphical user interface and visual style dubbed Aero, a new search component called Windows Search, redesigned networking, audio, print and display sub-systems, and new multimedia tools such as Windows DVD Maker. Vista aimed ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
