Based on the work done by Tomasz Tuzel
Toolkit: [login to view URL]
Evil Hypervisor: [login to view URL]
Preso - [login to view URL]
Write a tool that detects if LibVMI is being used, report it into a log file, and also through a GUI application, browser based.
Use the ecr_toolkit to develop a tool to detect and report into a log file and also through a GUI application, browser based, that
can detect Hypervisor Introspection Attacks:
Types of Attacks:
Flush+Reload
Prime+Probe
Evict+Time
Flush+Flush
Prime+Abort
LibVMI - on Github
Create a baseline
World Switch
Hypervisor Introspection
Memory Intercessions - excessive page violations, VM-exit large overhead, large timing increase
Passive Memory Monitoring - Flush+Reload, Timing Decrease
Instruction Intercession - Wall Timing
Non-Temporal Instructions -
Suspicious timings
Timing Manipulation
Thread Racing
Detection using Increased Virtualization Exceptions #VE
VMFUNC
Prime+Abort -
Prime+Probe -
Side-Channel vulnerabilities
Non-Isolated Caching
Intel SGX is enabled/disabled
Crypto Introspection
LibVMI Introspection
Needs to work in PV, HVM and PVH mode.
Hello there,
Hope you are doing good...!!!
As per your requirement, I am very much suitable for the job kindly invite me for a chat for further discussion regarding the project.
I have more than 6 years of experience in web & mobile app development you will get good quality work from me.
Thank you