Aperture

Watch our flagship product Aperture detect threats in real time.

This demo shows APERTURE detecting system activity which is displaying rootkit-like techniques. Surprisingly, the source of this activity turns out to be Microsoft's kernel patch protection also known as PatchGuard.



This demo highlights the fuzzy division between offensive and defensive code: often the same techniques can be used for adversarial or sympathetic purposes. Unfortunately, because PatchGuard is a component of the Windows kernel, it cannot adequately protect itself and all three released iterations are easily disabled with public code widely available.



Fortunately,APERTURE can securely enforce patch protection in a manner that cannot be disabled. Contact us to find out how!
×
Aperture Detecting an Advanced Rootkit Technique
This demo shows APERTURE detecting malware which is exfiltrating physical memory off the sytem. This malware is especially dangerous because physical memory can hold information such as encryption keys, credit card numbers and banking site passwords. This malware operates below the operating system and would not be detectable using host based tools because they themselves rely upon the OS.



This demo illustrates how APERTURE can monitor even the lowest levels of the system, beneath the operating system, to detect even the most advanced threats. There is no place for malware to hide.

 
×
Aperture Detecting Data Exfiltration Malware