Another thing you should note, that if you do not protect boot
integrity, you're grinding water, because all your hypervisor based
protection and magnificent hardening would be null and void after the
next reboot.
Generally speaking, I really recommend you to get paid consultancy from
a real
What you probably want, is something similar to Windows VBS HVCI, which
is usually achieved via underlying hypervisor.
It forces you to pass the security boundary of the hypervisor, even if
security boundary between user/kernel is bypassed.
Have a look at Bromium or QubeOS for a full solution
On 12/01/2019 15:19, Lev Olshvang
wrote:
Hi All,
The fact that the text segment could be modified is bad news from the security standpoint.
For example, in order to set a breakpoint GDB should map a text segment with MAP_PRIVATE flag which allows kernel to ignore
Hi All,
The fact that the text segment could be modified is bad news from the security
standpoint.
For example, in order to set a breakpoint GDB should map a text segment with
MAP_PRIVATE flag which allows kernel to ignore the dirty bit that MMU sets on
this page.
Somewhere in the middle of
