Author: TheJamLab
Subject: Sysmon v. backdoor
Posted: 30 October 2014 at 1:24pm
I am wondering if this utility can be used in a hypervisor in order to detect intrusions of hosted VMs? Could Wireshark-like features be used to find the illegal traffic?
Such out-of-band traffic cannot be seen by the VM. But the criminals cannot detect the hypervisor unless they first break the law! So it should be possible to see the delta between the host and VM as seen by Wireshark-like enhanced utilities. Robust filters would be needed, as the data would be overwhelming to a human.
The VM would be used as bait to attract an illegal NGO/GO attack on the VM. The IP address of the rogue agents could then be used in a court of law to prove the Constitution of the USA is no longer in effect. The criminal agents could then be tried for treason. Long live freedom and the Bill of Rights! Enemies of We The People must be defeated. Never trade freedom for lies and false promises of safety.