Создано: 27 октября 2018 11:07 New! Цитата · Личное сообщение · #1
Hypervisor based Inspection
Hypervisor based Inspection (HBI) uses latest hardware virtualization technologies of modern CPUs, to place stealth break points anywhere in the operating system or malware code. Stealth breakpoints capure information about any API being called, no matter if it is in usermode or kernelmode. Further HBI enables security experts to trace any cross module calls and trace other sensitive events, like debug register modification,
cpuid instuction execution and many others.
HBI is fully stealth and malware cannot detect its presence. HBI is not tied to a specific hypervisor such as KVM or XEN and can run even on bare metal machines. HBI is fully configurable by our customers https://www.joesecurity.org/joe-sandbox-technology#hbi