RESEARCH
GSoC 2018
Process injection for virtual machine introspection in a hypervisor.
DRAKVUF is a virtualization-based malware analysis tool that leverages Virtual Machine Introspection (VMI). VMI is a technique for monitoring the state of a virtual machine. It can be used from the hypervisor side to observe what is happening inside a VM or to alter its state.
The full write-up of this project is available here: https://mdolmen.github.io/GSoC/.