i-code

Aristide Fattori

HyperDbg: kernel debugging through hardware-assisted virtualization

In this demo we will present HyperDbg, a kernel-level debugger that leverages a new approach to the dynamic analysis of operating systems. The proposed approach retains the advantages of the two approaches mentioned above while avoiding their main disadvantages. In particular, HyperDbg leverages hardware-assisted virtualization, available on most commodity CPUs, to migrate a running system into a virtual machine and to install a minimal hypervisor that controls the execution of the virtualized system and provides an execution environment, completely isolated from the guest OS, in which HyperDbg runs. By doing so, the approach obtains the following very desirable properties: it is completely dynamic (it is installed on the already running system), it is transparent to and isolated from the guest operating system, and it is not invasive. These features also make HyperDbg particularly well suited to analyzing malware.
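The abstract rests on two hardware facts that a practitioner will want to check on a target box before and after loading such a debugger: whether the CPU advertises VT-x (VMX) at all, and what the guest can see of a hypervisor through CPUID. The program below is an added example written for this page, not HyperDbg code or any code from its authors; it uses only the documented CPUID.1:ECX bit positions (bit 5 = VMX, bit 31 = hypervisor present) and the de-facto vendor signature leaf 0x40000000 that KVM, VMware and Hyper-V fill in. The decoders are pure functions over register values so they can be exercised on constructed inputs; the real CPUID call is compiled in only on x86 builds.

```c
/* Added example (not HyperDbg code): user-mode CPUID probe for VT-x
 * availability and hypervisor visibility. The probe only reads what the
 * CPU, or the hypervisor intercepting CPUID, chooses to report, so a clean
 * result is not proof that no hypervisor is present. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

#define CPUID_1_ECX_VMX  (1u << 5)    /* CPUID.1:ECX.VMX - Intel VT-x available     */
#define CPUID_1_ECX_HV   (1u << 31)   /* CPUID.1:ECX[31] - "hypervisor present"     */
#define CPUID_HV_LEAF    0x40000000u  /* vendor signature leaf, meaningful only if HV=1 */

struct cpuid_regs { uint32_t eax, ebx, ecx, edx; };

/* Execute CPUID for one leaf. Returns 0 (and zeroed regs) on non-x86 builds. */
static int cpuid_query(uint32_t leaf, struct cpuid_regs *r) {
    memset(r, 0, sizeof *r);
#if defined(__x86_64__) || defined(__i386__)
    __cpuid(leaf, r->eax, r->ebx, r->ecx, r->edx);
    return 1;
#else
    (void)leaf;
    return 0;
#endif
}

/* Pure decoders over register values, so they can be tested offline. */
int cpu_supports_vmx(const struct cpuid_regs *leaf1) {
    return (leaf1->ecx & CPUID_1_ECX_VMX) != 0;
}

int hypervisor_present(const struct cpuid_regs *leaf1) {
    return (leaf1->ecx & CPUID_1_ECX_HV) != 0;
}

/* Pack four ASCII bytes the way CPUID returns them: first character in the
 * low byte of the register. */
uint32_t pack4(const char s[4]) {
    return (uint32_t)(uint8_t)s[0]       | (uint32_t)(uint8_t)s[1] << 8 |
           (uint32_t)(uint8_t)s[2] << 16 | (uint32_t)(uint8_t)s[3] << 24;
}

/* Decode the 12-byte vendor signature (EBX, ECX, EDX of leaf 0x40000000),
 * e.g. "KVMKVMKVM", "VMwareVMware", "Microsoft Hv". out needs 13 bytes. */
void hypervisor_vendor(const struct cpuid_regs *hv, char out[13]) {
    const uint32_t regs[3] = { hv->ebx, hv->ecx, hv->edx };
    for (int i = 0; i < 12; i++)
        out[i] = (char)((regs[i / 4] >> (8 * (i % 4))) & 0xff);
    out[12] = '\0';
}

int hypervisor_vendor_is(const struct cpuid_regs *hv, const char *expected) {
    char v[13];
    hypervisor_vendor(hv, v);
    return strcmp(v, expected) == 0;
}

int main(void) {
    struct cpuid_regs leaf1, hv;
    if (!cpuid_query(1, &leaf1)) {
        puts("not an x86 build; CPUID unavailable");
        return 0;
    }
    printf("VT-x (VMX) advertised : %s\n", cpu_supports_vmx(&leaf1) ? "yes" : "no");
    if (hypervisor_present(&leaf1)) {
        char vendor[13];
        cpuid_query(CPUID_HV_LEAF, &hv);
        hypervisor_vendor(&hv, vendor);
        printf("hypervisor present    : yes (vendor \"%s\")\n", vendor);
    } else {
        /* A hypervisor that aims at transparency leaves this bit clear. */
        puts("hypervisor present    : not advertised (not proof of absence)");
    }
    return 0;
}
```

Run it once on bare metal and once inside a conventional VM to see the difference: the VM reports the hypervisor bit and a vendor string, while a transparent hypervisor of the kind the abstract describes would leave the guest's view unchanged, which is exactly why CPUID alone cannot be used to rule one out.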

Bio

I am currently in my second year as a Ph.D. student in Computer Science at Università degli Studi di Milano. My research interests include several aspects of computer security and operating systems. In particular, the main focus of my research is on malware analysis, and lately I have been studying the possibilities of using emulation/virtualization to perform malware detection and analysis. Indeed, I am currently working on designing systems to analyze and detect rootkit malware by leveraging hardware-assisted virtualization. I am also interested in many other security aspects, such as forensics, web security, spam, and mobile device security.