expert .net developer needy for simple exe asap within 2-3 days
$2-8 USD / hour
I need a software that runs on WIndows that detects highly suspect activity happening at the hypervisor level. It is a Hypervisor Introspection Detection tool.
Software Requirements:
Develop a UI that runs on a Host or Guest that makes use of the Tuzel libraries, A very simple one that maybe shows a status in the toolbar, red/green/yellow.
Green signifying that there is no suspicious activity happening at the hypervisor/hardware level.
Red signifying that there is some suspicious activity happening at the hypervisor/hardware/introspection layer. And it is highly concerning.
Yellow signifying that there is some suspicious activity happening at the Hypervisor/hardware/Introspection layer. And it is mildly concerning.
The application should log activity to syslog, and be able to forward the information to a syslog server.
Experience:
You need to be an expert at writing software at OS kernel level, in whatever language is best suited for the Operating System and the Tuzel libraries. This might be the C language, I don't know, you need to help me here.
Based on the work done by Tomasz Tuzel
Toolkit: [login to view URL]
Evil Hypervisor: [login to view URL]
Preso - [login to view URL]
Write a tool that detects if LibVMI is being used, report it into a log file, and also through a GUI application, browser based.
Use the ecr_toolkit to develop a tool to detect and report into a log file and also through a GUI application, browser based, that
can detect Hypervisor Introspection Attacks:
Types of Attacks:
Flush+Reload
Prime+Probe
Evict+Time
Flush+Flush
Prime+Abort
LibVMI - on Github
Create a baseline
World Switch
Hypervisor Introspection
Memory Intercessions - excessive page violations, VM-exit large overhead, large timing increase
Passive Memory Monitoring - Flush+Reload, Timing Decrease
Instruction Intercession - Wall Timing
Non-Temporal Instructions -
Suspicious timings
Timing Manipulation
Thread Racing
Detection using Increased Virtualization Exceptions #VE
VMFUNC
Prime+Abort -
Prime+Probe -
Side-Channel vulnerabilities
Non-Isolated Caching
Intel SGX is enabled/disabled
Crypto Introspection
LibVMI Introspection
Needs to work in PV, HVM and PVH mode.
Icon is attached
Project ID: #19865014
About the project
1 freelancer is bidding on average $6 for this job
Hello, I am highly interested in your project and would like to apply to it. I am a Software developer with 7+ years of experience in .Net having Working Knowledge of “asp.net mvc” ,”angular js”,”Web API”,”SignalR” More