Practical Evasion of Red Pill in Modern Computers

Amit Resh, Nezer Zaidenberg, Michael Kiperberg

Research output: Contribution to journal, Article, peer-review

Abstract

The blue pill is a malicious stealthy hypervisor-based rootkit. The red pill is a software package designed to detect blue pills or hypervisors in general. Ever since the blue pill was originally proposed, there has been an ongoing arms race between developers trying to develop stealthy hypervisors and developers trying to detect such stealthy hypervisors. Hypervisors can also be used for monitoring and forensic purposes, while malicious software may include a red pill component to discover such a hypervisor in order to evade it. This chapter discusses a practical approach to counter such malicious software by evading the red pill components.

Original language: English
Pages (from-to): 461-473
Number of pages: 13
Journal: Computational Methods in Applied Sciences
Volume: 56
DOIs
State: Published - 2022
Externally published: Yes

Keywords

  • Forensics
  • Information security
  • Red pill
  • Virtualization

All Science Journal Classification (ASJC) codes

  • Civil and Structural Engineering
  • Modelling and Simulation
  • Biomedical Engineering
  • Computer Science Applications
  • Fluid Flow and Transfer Processes
  • Computational Mathematics
  • Electrical and Electronic Engineering
