28.04.2017
SuperNOVA: Microkernel-based Malware Forensics
Markus Partheymüller
Cyberus Technology GmbH
Malware analysts face increasingly challenging tasks in discovering and
analyzing modern malware with existing tools. The reasons include evasion techniques
that detect analysis environments and complicated control flows that obfuscate the
actual behavior.
Based on the NOVA microhypervisor, developed here at TU Dresden, Cyberus Technology
develops a Malware Forensics tool designed to enhance current analysis techniques.
As a pass-through hypervisor, the tool provides an environment that is almost
impossible to detect or circumvent. At the same time, advanced mechanisms, such as
semantic breakpoints, make it easy for the analyst to trace malware behavior in an
efficient way.