VMWare can monitor and freeze some malicious VMWare's.
https://blog.cloud.vmware.com/s/content/a1y6A000000e6lUQAQ/article-vmware-launches-appdefense
Would this also be a nice-to-have QubesOS feature?
Kind Regards
here's an example for windows guests: https://drakvuf.com/
It was discussed on the developers list, but this is high risk code that the developers would need to audit.
if you do this, i would recommend passing memory to an analysis vm which only has permission to alert you to a problem. this would result in a delay and a performance hit, so not the same effect, but safer against any attack crafted against this mechanism from taking over your machine. i also hope you're very good at writing fast, tight parsers. go is supposed to be fast and type safe. maybe it would be a good choice here.
on a lighter scale, you can also use firejail within the vm, blacklist some stuff, and set a watch on its logfile to alert you. redhat based appvms can also do this with selinux. won't catch anything sophisticated enough to privilege escalate and stop the alert from happening, but also no danger to dom0.
i'm glad vmware did this. for a long time, they only had a tool to dump memory snapshots (at least for fusion). not a real time running filter like this, but still fun.
should also stress that the code you pass through would go through dom0, so be very careful with it!
> should also stress that the code you pass through would go through dom0, so be very careful with it!
i meant memory, not code.
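The firejail log-watch suggestion from the reply above, sketched as an added example (not code from any poster or from the Qubes or firejail projects). It assumes the sandbox was started with firejail's `--tracelog` option and that violations reach syslog in the `blacklist violation - sandbox ..., exe ..., syscall ..., path ...` form; the log path in the comment and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example: turn firejail --tracelog syslog entries into alert lines.
# Assumed entry format (verify against a real entry in your own log):
#   <prefix>: blacklist violation - sandbox <pid>, exe <name>, syscall <call>, path <path>

# Reads log lines on stdin and prints one ALERT line per blacklist violation.
# Parsing is done line by line with parameter expansion, so alerts are not
# held back by pipe buffering when the input is a live "tail -F".
scan_tracelog() {
    while IFS= read -r line; do
        case $line in
            *"blacklist violation - sandbox "*", exe "*", syscall "*", path "*) ;;
            *) continue ;;   # unrelated log line
        esac
        rest=${line#*"blacklist violation - sandbox "}
        sandbox=${rest%%", exe "*}
        rest=${rest#*", exe "}
        exe=${rest%%", syscall "*}
        rest=${rest#*", syscall "}
        syscall=${rest%%", path "*}
        path=${rest#*", path "}
        # The sandbox id must be numeric; anything else is a malformed entry.
        case $sandbox in
            ''|*[!0-9]*) continue ;;
        esac
        printf 'ALERT sandbox=%s exe=%s syscall=%s path=%s\n' \
            "$sandbox" "$exe" "$syscall" "$path"
    done
}

# Constructed sample input (not real log data).
sample_log() {
    cat <<'EOF'
Jan  5 10:01:02 work firefox[70]: blacklist violation - sandbox 4242, exe firefox, syscall open64, path /etc/shadow
Jan  5 10:01:03 work systemd[1]: Started Session 3 of user user.
Jan  5 10:01:09 work firefox[70]: blacklist violation - sandbox 4242, exe firefox, syscall opendir, path /boot
Jan  5 10:01:11 work firefox[70]: blacklist violation - sandbox none, exe firefox, syscall open, path /root
EOF
}

# Live use inside the AppVM (log path is an assumption, adjust to your template):
#   tail -Fn0 /var/log/syslog | scan_tracelog | while IFS= read -r a; do notify-send "$a"; done
sample_log | scan_tracelog
```

The watcher runs inside the same VM as the sandbox, so it shares the limit already stated in the thread: code that escalates privileges in that VM can silence it.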
is there some chance to monitor a malicious VM without risking the dom0 integrity?
How can I use one VM to monitor another VM?
Kind Regards