Sparta
Sparta is a virtualization-based endpoint security solution for Windows. It's an educational research project of mine, which tries to demonstrate the power of virtualization-based solutions.
Basically, Sparta traces all suspicious kernel-mode code executions, kernel structure manipulations, kernel code modifications and sensitive process memory corruptions in order to detect abnormal behavior that can indicate a malware infection. See the "How It Works?" section for a deeper explanation.
Usage
TBD
Screenshots
Basic Execution (Bootstrapping & CPUID "Spoofing")
Invisible Syscall Hooking (TLB Splitting)
How It Works?
TBD
License
Authors
- Omer Katz - omerk2511