Ether: Malware Analysis via Hardware Virtualization Extensions
Ether is a malware analysis framework that is based on a novel application of hardware virtualization extensions such as Intel VT, and resides completely outside of the target OS environment. Ether is open source, and is distributed as a controller application and a patch set to the Xen hypervisor.
At the time of creation, Ether was able to successfully and generically unpack numerous packed malware samples. It has been used as the data source for several really cool projects, such as visual malware reverse engineering.
Bitsquatting: DNS Hijacking Without Exploitation
Bitsquatting is a means to leverage bit-errors in computer hardware to hijack DNS queries. My bitsquatting research describes the history of bit-errors, their security implications, actual bitsquatting events, and potential mitigations. To judge how often bit-errors happen in DNS queries, I registered several domains one bit away from a popular domain name (e.g. mic2osoft.com vs. microsoft.com: the ASCII codes of 'r' and '2' differ in exactly one bit). It turns out that these bitsquat domains receive a substantial amount of traffic (both DNS and HTTP) from computers around the world. Most bit-errors that redirect user traffic actually occur before domain resolution or wire transport, so the client itself asks for the wrong name. Neither DNS security technologies (such as DNSSEC) nor transport layer security technologies (such as SSL/TLS) offer any protection in that case: each faithfully validates the name that was requested.
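To make "one bit away" concrete, the following is an added Python example, not the original research tooling. It enumerates every single-bit error in a registrable label that still yields a syntactically valid hostname, and, from the other direction, flags queried names that are exactly one bit from a target domain (the kind of check one would run over DNS logs). It assumes the LDH hostname alphabet (a-z, 0-9, '-') and that DNS compares names case-insensitively, so a flip of the case bit in a letter is ignored; the list of sample query names is constructed for the demo.

```python
"""Enumerate bitsquat domains and detect bitsquat queries.

Added example; not code from the original bitsquatting research.
Assumptions: hostname characters are LDH (a-z, 0-9, '-'), and DNS name
comparison is case-insensitive, so flipping bit 5 of a letter ('a' <-> 'A')
does not produce a different name.
"""
import string

LDH = set(string.ascii_lowercase + string.digits + "-")


def bit_variants(label):
    """Return [(variant, index, bit)] for every single-bit flip of one byte
    in `label` that yields a different, syntactically valid DNS label."""
    label = label.lower()
    out = []
    for i, ch in enumerate(label):
        for bit in range(8):
            c = chr(ord(ch) ^ (1 << bit))
            if "A" <= c <= "Z":
                c = c.lower()        # resolver treats 'R' and 'r' alike
            if c == ch or c not in LDH:
                continue             # same name, or not a hostname char
            variant = label[:i] + c + label[i + 1:]
            if variant[0] == "-" or variant[-1] == "-":
                continue             # labels may not start/end with '-'
            out.append((variant, i, bit))
    return out


def bitsquat_domains(domain):
    """Bitsquats of the registrable label only ('microsoft' in
    'microsoft.com'); flips inside the TLD are deliberately not considered,
    since they almost never land on a delegated TLD (design choice here)."""
    sld, _, tld = domain.lower().rpartition(".")
    return sorted({v + "." + tld for v, _, _ in bit_variants(sld)})


def single_bit_diff(observed, target):
    """If `observed` differs from `target` in exactly one bit of exactly one
    byte, return (index, bit); otherwise None. Case-insensitive, per DNS."""
    observed, target = observed.lower(), target.lower()
    if len(observed) != len(target):
        return None
    diffs = [(i, ord(a) ^ ord(b))
             for i, (a, b) in enumerate(zip(observed, target)) if a != b]
    if len(diffs) != 1:
        return None
    i, x = diffs[0]
    if x & (x - 1):                  # more than one bit differs
        return None
    return i, x.bit_length() - 1


def flag_bitsquats(queries, target):
    """Scan queried names and return (name, index, bit) for each one that is
    a bitsquat of `target`'s registrable label under the same TLD."""
    tsld, _, ttld = target.lower().rpartition(".")
    hits = []
    for q in queries:
        qsld, _, qtld = q.lower().rpartition(".")
        if qtld != ttld:
            continue
        d = single_bit_diff(qsld, tsld)
        if d is not None:
            hits.append((q, d[0], d[1]))
    return hits


# Constructed sample of queried names, as a DNS log excerpt might contain.
SAMPLE_QUERIES = [
    "www.microsoft.com",   # legitimate
    "mic2osoft.com",       # 'r' (0x72) -> '2' (0x32): bit 6
    "microsnft.com",       # 'o' (0x6f) -> 'n' (0x6e): bit 0
    "google.com",          # unrelated
    "micro-soft.com",      # typo, not a single bit-error
]

if __name__ == "__main__":
    for d in bitsquat_domains("microsoft.com"):
        print(d)
    print(flag_bitsquats(SAMPLE_QUERIES, "microsoft.com"))
```

Running the script lists every registrable bitsquat of microsoft.com (mic2osoft.com among them) and then flags mic2osoft.com and microsnft.com from the sample queries while ignoring the legitimate name, the unrelated name, and the multi-bit typo.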