Explore a groundbreaking approach to full system analysis in this 41-minute Black Hat conference talk. Delve into rVMI, an innovative system that merges Virtual Machine Introspection (VMI) with Rekall, a powerful memory forensics framework, to create a robust platform for scriptable and interactive malware analysis. Learn how rVMI operates from the hypervisor on a live system, offering the ability to start, resume, and trap events at will. Presented by Jonas Pfoh and Sebastian Vogl, this talk introduces a new paradigm that enhances the capabilities of malware analysts and security researchers in understanding and combating sophisticated threats.
Overview
Syllabus
rVMI: A New Paradigm for Full System Analysis
Taught by
Black Hat
Related Courses
-
Full System Emulation - Achieving Successful Automated Dynamic Analysis of Evasive Malware
-
Sandbagility - Reverse Engineering Framework for Windows Dynamic Analysis
-
Memory Forensics Using Virtual Machine Introspection for Cloud Computing
-
Investigating Malware Using Memory Forensics - A Practical Approach
-
Flowers for Automated Malware Analysis
-
My Ticks Don't Lie - New Timing Attacks for Hypervisor Detection
