More precisely, HyperDbg is based on a minimalistic hypervisor that is installed while the system runs. Aristide Fattori. A mind needs a book like a sword needs a whetstone. PySTP is a Python extension module that interfaces with STP, a decision procedure for the theory of fixed-width bitvectors and arrays. I am also interested in many other security aspects, such as forensics, web security, spam and mobile device security. For more details see the paper Testing CPU emulators.
Date added: 1 December 2011
FluXOR is a system to detect and monitor fast-flux service networks. The same test-case is also executed in an oracle based on hardware-assisted virtualization. For more details see the paper How to automatically generate procedures to detect CPU emulators and the web page devoted to the project.
Hardware-Assisted Virtualization and its Applications to Systems Security
KEmuFuzzer generates floppy images to boot a virtual machine and to execute a specific test-case. Test-cases are generated using a special compiler that applies certain mutations before compiling. The states obtained are compared to detect defects in the virtual machine.
HyperDbg – Collaborative RCE Tool Library
PyEA currently supports PE and ELF executables, disassembles executables using a recursive disassembler, and translates each machine instruction into an intermediate form that makes side effects explicit. Its monitoring and detection strategies rely entirely on the analysis of a set of features observable from the point of view of a victim of the scams perpetrated by the botnets.
CopperDroid is an analysis framework to automatically perform out-of-the-box dynamic behavioral analysis of Android malware. QTrace includes some basic Python post-processing tools. ProcessTap is inspired by DTrace and SystemTap, but it is specific to analyzing closed-source user-space applications. My research interests include several aspects of Computer Security and Operating Systems.
I am currently in my second year as a Ph. Although the current implementation relies on PinTool, alternative back-ends for instrumentation e.
ProcessTap is a dynamic tracing framework for analyzing closed-source applications. EmuFuzzer is a fuzzer for CPU emulators.
In particular, HyperDbg leverages hardware-assisted virtualization, available on most commodity CPUs, to migrate a running system into a virtual machine and to install a minimal hypervisor that controls the execution of the virtualized system and provides an execution environment, completely isolated from the guest OS, in which HyperDbg runs. KEmuFuzzer is a protocol-specific fuzzer for system virtual machines.
Additionally, QTrace includes a dynamic module to track dependencies between system calls e. CopperDroid uses a unified analysis to characterize low-level OS-specific e.
The proposed approach obtains the same advantages as the two approaches mentioned before, while avoiding their main disadvantages. Lorenzo has also used PyEA for several papers.
Support for hybrid analysis of PHP bytecode has also been introduced into this framework. The analyses work directly on the intermediate representation and include graph dominance analysis, static and dynamic data- and control-dependency analyses, liveness and reachability, and loop analysis.
Compared to traditional kernel debuggers e. The analyser was originally developed to statically analyse IA malicious programs, but soon evolved into a generic analyser for compiled programs. HyperDbg is a kernel debugger that leverages hardware-assisted virtualization. As an example, QTrace can be used to easily dump win32k.
Indeed, I am currently working on designing systems to analyze and detect rootkit malware by leveraging hardware assisted virtualization.