Joanna Rutkowska

@rootkovska ↗

Deleted No

Hibernated No

Last Checked March 11, 2019

Created

Wed Jan 04 09:40:08 +0000 2017

Likes

Retweets

Source

TweetDeck

View Raw Data

JSON Data

View on Twitter

Likely Available

Joanna Rutkowska @rootkovska

Contrary to a popular opinion, an attacker doesn't need to execve(/bin/bash) nor calc.exe, nor call any syscalls, once in the kernel. — PolitiTweet.org

Posted Jan. 4, 2017

Preceded By

Joanna Rutkowska @rootkovska

Hvisor monitors if kernel illegally exec()s a more priv'ed processes... Trivially by-passable by shellcode which us… https://t.co/vZf4hVQGto — PolitiTweet.org

Detecting privilege escalation inside of containers using KVM: a new idea in #rkt https://t.co/BDU3mBnsgH https://t.co/b4TaJvxt9V

Posted Jan. 4, 2017

Followed By

Joanna Rutkowska @rootkovska

To detect such attacker, the hvisor would need to monitor all interesting functions in the kernel. Soon the hvisor would become v. complex.. — PolitiTweet.org

Posted Jan. 4, 2017