Detecting (un)Intentionally Hidden Injected Code by Examining Page Table Entries
Frank Block at Black Hat Europe 2019
In this talk, we will cover hiding techniques that prevent executable pages (containing injected code) from being reported by current memory forensic plugins. These techniques can either be implemented by malware in order to hide its injected code (as already observed) or can, in one case, unintentionally be taken care of by the operating system through its paging mechanism.
Full Abstract & Presentation Materials: https://www.blackhat.com/eu-19/briefings/schedule/#detecting-unintentionally-hidden-injected-code-by-examining-page-table-entries-17856