Collection of Research Papers and Projects Related to Hardware-Based Virtual Machine (HVM) Rootkits

This collection encompasses various research papers and projects inclusing sour code that focus on hardware-based virtual machine (HVM) rootkits. These rootkits leverage virtualization technology to operate beneath the host operating system, making them particularly challenging to detect and mitigate. Key studies include analyses of different implementations, such as AMD-V, Intel VT-x and ARM, which explore their attack methodologies and commonalities. Additionally, there are discussions on the theoretical aspects and practical implications of HVM rootkits, highlighting their potential risks and the ongoing research in this area. This body of work is crucial for understanding the evolving landscape of cybersecurity threats posed by HVM rootkits and the necessary defenses against them.

Hypervisor's Source Code

• VMXCPU - minimal Virtual Machine Monitor by Shawn Embleton
• nbp-0.11, nbp-0.32- Blue Pill and Blue Chicken with an anti-timing technology by Invisible Things Lab