A3 Book section, Chapters in research books
Practical Evasion of Red Pill in Modern Computers (2022)


Resh, A., Zaidenberg, N., & Kiperberg, M. (2022). Practical Evasion of Red Pill in Modern Computers. In M. Lehto, & P. Neittaanmäki (Eds.), Cyber Security : Critical Infrastructure Protection (pp. 461-473). Springer. Computational Methods in Applied Sciences, 56. https://doi.org/10.1007/978-3-030-91293-2_20


JYU authors or editors


Publication details

All authors or editors: Resh, Amit; Zaidenberg, Nezer; Kiperberg, Michael

Parent publication: Cyber Security : Critical Infrastructure Protection

Parent publication editors: Lehto, Martti; Neittaanmäki, Pekka

ISBN: 978-3-030-91292-5

eISBN: 978-3-030-91293-2

Journal or series: Computational Methods in Applied Sciences

ISSN: 1871-3033

eISSN: 2543-0203

Publication year: 2022

Number in series: 56

Pages range: 461-473

Number of pages in the book: 484

Publisher: Springer

Place of Publication: Cham

Publication country: Switzerland

Publication language: English

DOI: https://doi.org/10.1007/978-3-030-91293-2_20

Publication open access: Not open

Publication channel open access


Abstract

The blue pill is a malicious stealthy hypervisor-based rootkit. The red pill is a software package designed to detect blue pills or hypervisors in general. Ever since the blue pill was originally proposed, there has been an ongoing arms race between developers trying to develop stealthy hypervisors and developers trying to detect such stealthy hypervisors. Hypervisors can also be used for monitoring and forensic purposes, while malicious software may include a red pill component to discover such a hypervisor in order to evade it. This chapter discusses a practical approach to counter such malicious software by evading the red pill components.


Keywords: data security; virtualisation; malware

Free keywordsvirtualization; forensics; information security; red pill


Contributing organizations


Ministry reporting: Yes

Reporting Year: 2022

JUFO rating: 1


Last updated on 2024-03-04 at 18:36