Windows Memory Forensics: Detecting (Un)Intentionally Hidden Injected Code by Examining Page Table Entries

Frank Block

Digital Investigation, pp. S3-S12, 2019.

Keywords:
Memory forensics, Code injection, Detection, Windows, Malware

Abstract:

Malware utilizes code injection techniques to either manipulate other processes (e.g. done by banking trojans) or hide its existence. With some exceptions, such as ROP gadgets, the injected code needs to be executable by the CPU (at least at some point in time). In this work, we cover and evaluate hiding techniques that prevent executable...


Best Paper
Best Paper of DFRWS, 2019