Overview: Capsule8’s Attack Detection Methods

Capsule8's kernel-level detection methods are designed to detect when kernel functions known to be useful for exploitation return directly to userland. In addition, probing code (or "kernel landmines") is embedded at both the local and host level and is triggered when access restrictions within the kernel are bypassed or disabled by malicious actors. An example of this is detecting SMEP/SMAP being disabled by an attacker.
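As an added illustration (not Capsule8's own code), the two signals described above reduced to detection logic over a handful of constructed probe events: a kernel function whose return address lands in the userland half of the x86-64 address space, and a CR4 write that clears the SMEP (bit 20) or SMAP (bit 21) flag. The event field layout and the probe name `example_kfunc` are assumptions.

```python
"""Toy detector for the two kernel-level signals described above
(constructed example, not Capsule8 code)."""

# x86-64 with 4-level paging: user addresses are canonical and below this bound.
USERLAND_MAX = 0x00007FFFFFFFFFFF
CR4_SMEP = 1 << 20  # Supervisor Mode Execution Prevention
CR4_SMAP = 1 << 21  # Supervisor Mode Access Prevention


def is_userland_address(addr: int) -> bool:
    """True if a return address lies in the user half of the address space."""
    return 0 <= addr <= USERLAND_MAX


def lost_protections(cr4_old: int, cr4_new: int) -> list:
    """Names of CR4 protections set before the write and clear after it."""
    names = []
    for bit, name in ((CR4_SMEP, "SMEP"), (CR4_SMAP, "SMAP")):
        if cr4_old & bit and not cr4_new & bit:
            names.append(name)
    return names


def analyse(events: list) -> list:
    """Return one alert string per suspicious event; benign events yield none."""
    alerts = []
    for ev in events:
        if ev["type"] == "kretprobe" and is_userland_address(ev["ret_addr"]):
            alerts.append(f"{ev['probe']} returned to userland "
                          f"0x{ev['ret_addr']:x} (pid {ev['pid']})")
        elif ev["type"] == "cr4_write":
            lost = lost_protections(ev["old"], ev["new"])
            if lost:
                alerts.append(f"{'/'.join(lost)} disabled via CR4 write "
                              f"(pid {ev['pid']})")
    return alerts


# Constructed sample events; the probe name and field layout are hypothetical.
SAMPLE_EVENTS = [
    {"type": "kretprobe", "probe": "example_kfunc", "pid": 4242, "ret_addr": 0xFFFFFFFF81234567},
    {"type": "kretprobe", "probe": "example_kfunc", "pid": 4243, "ret_addr": 0x00007F3A1C0B2D10},
    {"type": "cr4_write", "pid": 4244, "old": 0x3706F0, "new": 0x3706F0},  # no change
    {"type": "cr4_write", "pid": 4245, "old": 0x3706F0, "new": 0x0706F0},  # SMEP+SMAP cleared
]

if __name__ == "__main__":
    for line in analyse(SAMPLE_EVENTS):
        print("ALERT:", line)
```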


