Home

Awesome

<i><b>

@@ All the updates will be soon @@

</b></i>

Updated MemoryRanger: Hijacking Is Not An Option

Updated MemoryRanger prevents the following new attacks:

News:

<img src="https://github.com/IgorKorkin/MemoryRanger/blob/master/memoryranger_prevents_token_and_handle_hijacking.png" width="1000" />

Handle Hijacking Attack and its Preventing are here:

Handle Hijacking Attack The Prevention of Handle Hijacking

Token Hijacking Attack and its Preventing are here:

Handle Hijacking Attack The Prevention of Handle Hijacking

MemoryRanger

MemoryRanger hypervisor moves newly loaded drivers into isolated kernel spaces by using VT-x and EPT. MemoryRanger has been presented at Black Hat Europe 2018 and CDFSL 2019. MemoryRanger runs driver inside separate enclaves to protect the following kernel-mode areas:

MemoryRanger at the CDFSL 2019:

<img src="https://github.com/IgorKorkin/MemoryRanger/blob/master/cdfsl2019_memoryranger_prevents_fileobj_hijacking.png" width="700" />

The Hijacking Attack The Attack Prevention

MemoryRanger at the Black Hat Europe 2018

alt text

The Attack The Attack Prevention

Details

MemoryRanger hypervisor is based on these projects: