A3 Book section, Chapters in research books
Practical Evasion of Red Pill in Modern Computers (2022)

Resh, A., Zaidenberg, N., & Kiperberg, M. (2022). Practical Evasion of Red Pill in Modern Computers. In M. Lehto, & P. Neittaanmäki (Eds.), Cyber Security : Critical Infrastructure Protection (pp. 461-473). Springer. Computational Methods in Applied Sciences, 56. https://doi.org/10.1007/978-3-030-91293-2_20

JYU authors or editors

Publication details

All authors or editorsResh, Amit; Zaidenberg, Nezer; Kiperberg, Michael

Parent publicationCyber Security : Critical Infrastructure Protection

Parent publication editorsLehto, Martti; Neittaanmäki, Pekka



Journal or seriesComputational Methods in Applied Sciences



Publication year2022

Number in series56

Pages range461-473

Number of pages in the book484


Place of PublicationCham

Publication countrySwitzerland

Publication languageEnglish


Publication open accessNot open

Publication channel open access


The blue pill is a malicious stealthy hypervisor-based rootkit. The red pill is a software package designed to detect blue pills or hypervisors in general. Ever since the blue pill was originally proposed, there has been an ongoing arms race between developers trying to develop stealthy hypervisors and developers trying to detect such stealthy hypervisors. Hypervisors can also be used for monitoring and forensic purposes, while malicious software may include a red pill component to discover such a hypervisor in order to evade it. This chapter discusses a practical approach to counter such malicious software by evading the red pill components.

Keywordsdata securityvirtualisationmalware

Free keywordsvirtualization; forensics; information security; red pill

Contributing organizations

Ministry reportingYes

Reporting Year2022

JUFO rating1

Last updated on 2024-03-04 at 18:36