Wednesday, July 15, 2020

Project Freta: detecting rootkits and advanced malware, in memory snapshots of live Linux systems

Project Freta: free service from Microsoft Research for detecting evidence of OS and sensor sabotage, such as rootkits and advanced malware, in memory snapshots of live Linux systems

Incubated at Microsoft Research, Project Freta is a roadmap toward trusted sensing for the cloud that can allow enterprises to engage in regular, complete discovery sweeps for undetected malware. The project’s namesake, Warsaw’s Freta Street, was the birthplace of Marie Curie, a pioneer of battlefield imaging. While snapshot-based memory forensics is a field now in its second decade, no commercial cloud has yet provided customers the ability to perform full memory audits of thousands of virtual machines (VMs) without intrusive capture mechanisms and a priori forensic readiness. Just as yesteryear’s film cameras and today’s smartphones have similar megapixels but vastly different ease of use and availability, Project Freta intends to automate and democratize VM forensics to a point where every user and every enterprise can sweep volatile memory for unknown malware with the push of a button—no setup required.

Project Freta’s four properties of trusted sensing

1. Detect. No program can detect the presence of a sensor prior to installing itself.
2. Hide. No program can reside in an area out of view of the sensor.
3. Burn. No program can detect operation of the sensor and erase or modify itself prior to acquisition.
4. Sabotage. No program can modify the sensor in a way that can prevent the program’s acquisition.

