Malware detection using Linux perf? Anyone tried fingerprinting behavior via CPU metrics?
Reverse Engineering
2025-06-19 08:23:48
I came across this write-up that explores detecting malware purely through CPU performance counters using Linux’s perf tool — especially inside VM environments.
It doesn’t rely on memory or file inspection at all, just behavioral signals at the CPU level. Interesting direction, especially for detecting obfuscated/fileless payloads.
Curious if anyone here has experimented with similar techniques, or seen other research in this space?
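As an added example (not code from the post or the write-up it links), this is one defender-side way to turn `perf stat` counters into a per-workload behavioural fingerprint: parse perf's CSV output, derive run-length-independent ratios, build a baseline from known-benign runs, and flag a run whose ratios drift beyond a z-score threshold. The `perf stat` invocation it assumes is stated in the docstring, and all counter values are constructed samples, not measurements.

```python
"""Behavioural fingerprint from `perf stat` CPU counters. Added example, not code
from the post or the linked write-up; assumes each run was recorded with
  perf stat -x, -e cycles,instructions,cache-references,cache-misses,branches,branch-misses -o run.csv -- <cmd>
The CSV samples below are constructed, not captured from a real system."""
import statistics

EVENTS = ("cycles", "instructions", "cache-references",
          "cache-misses", "branches", "branch-misses")

def parse_perf_csv(text):
    """Map event -> count from `perf stat -x,` CSV (value,unit,event,...). Comment
    lines and '<not supported>' rows (e.g. a VM with no virtual PMU) are skipped."""
    counts = {}
    for line in text.splitlines():
        fields = line.split(",")
        if len(fields) >= 3 and fields[0].strip().isdigit():
            counts[fields[2]] = int(fields[0])
    return counts

def features(counts):
    """Ratios independent of run length, so runs of different size are comparable."""
    return {"ipc": counts["instructions"] / counts["cycles"],
            "cache_miss_rate": counts["cache-misses"] / counts["cache-references"],
            "branch_miss_rate": counts["branch-misses"] / counts["branches"]}

def build_baseline(benign_csvs):
    """Per-feature (mean, population stdev) over known-benign runs of the workload."""
    rows = [features(parse_perf_csv(c)) for c in benign_csvs]
    return {k: (statistics.mean(r[k] for r in rows),
                statistics.pstdev(r[k] for r in rows)) for k in rows[0]}

def anomaly_score(csv_text, baseline):
    """Largest absolute z-score of the run's features against the baseline."""
    feat = features(parse_perf_csv(csv_text))
    return max(abs(feat[k] - m) / max(sd, 1e-9) for k, (m, sd) in baseline.items())

def perf_csv(*counts):
    """Constructed `perf stat -x,` text for one run, in EVENTS order, with perf's header."""
    rows = "".join(f"{v},,{n},1000,100.00,,\n" for n, v in zip(EVENTS, counts))
    return "# started on Thu Jun 19 08:00:00 2025\n" + rows

BENIGN = [perf_csv(1_000_000, 1_500_000, 50_000, 5_000, 200_000, 4_000),
          perf_csv(2_000_000, 2_800_000, 100_000, 12_000, 400_000, 10_000),
          perf_csv(1_500_000, 2_400_000, 75_000, 6_000, 300_000, 4_500)]
SUSPECT = perf_csv(1_000_000, 400_000, 50_000, 30_000, 200_000, 30_000)  # low IPC, miss-heavy
THRESHOLD = 3.0  # max |z| above which a run is flagged for closer inspection

if __name__ == "__main__":
    base = build_baseline(BENIGN)
    for name, run in (("benign run 1", BENIGN[0]), ("suspect run", SUSPECT)):
        score = anomaly_score(run, base)
        print(f"{name}: max |z| = {score:.1f} -> {'FLAG' if score > THRESHOLD else 'ok'}")
```

The baseline must come from the same workload on the same CPU model; counters inside a VM also depend on the hypervisor exposing a virtual PMU, which is why unsupported rows are tolerated rather than treated as an error.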