{"id":22830,"date":"2020-07-08T00:23:00","date_gmt":"2020-07-07T21:23:00","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/microsofts-project-freta-is-intended-to-stop-malware-in-azure\/"},"modified":"2020-07-08T00:23:00","modified_gmt":"2020-07-07T21:23:00","slug":"microsofts-project-freta-is-intended-to-stop-malware-in-azure","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/microsofts-project-freta-is-intended-to-stop-malware-in-azure\/","title":{"rendered":"#Microsoft\u2019s Project Freta is intended to stop malware in Azure"},"content":{"rendered":"<p>&#8220;<strong>#Microsoft\u2019s Project Freta is intended to stop malware in Azure<\/strong>&#8221;<\/p>\n<article id=\"post-30385\" target=\"_blank\">\n<div>\n<p>Project Freta is a new Microsoft Research project that introduces a virtual-machine (VM) forensics platform that stops malware. Users will be able to use Freta to find malicious software in the cloud.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" alt=\"Project Freta Banner\" height=\"506\" src=\"https:\/\/winaero.com\/blog\/wp-content\/uploads\/2020\/07\/Project-Freta-Banner.png\" width=\"900\"><\/p>\n<p>As Project Freta comes from Microsoft Research, the company classifies it as a &#8216;technology demonstration&#8217;.<\/p>\n<p><span>It captures a snapshot of a VM (Hyper-V and VMware are supported) and then inspects its contents for malware. 
<\/span><span>To achieve this, the user signs in on the Project Freta web site and then submits VM images, which are analysed in a dedicated Azure region.<\/span><\/p>\n<p>The official announcement says:<\/p>\n<blockquote>\n<p class=\"\">The Project Freta analysis engine consumes snapshots of whole-system Linux volatile memory and extracts an enumeration of system objects. Some kernel hooking identification is performed automatically; this can be used by analysts to detect novel rootkits. The analysis portal is available in prototype form for public use: https:\/\/freta.azurewebsites.net.<\/p>\n<p>The prototype portal supports many types of memory snapshots as inputs. Currently, only a Hyper-V checkpoint has been evaluated to provide a reasonable approximation of the \u201celement of surprise\u201d necessary to achieve trusted sensing:<\/p>\n<ul>\n<li>Use the Hyper-V checkpoint feature to produce a VMRS file<\/li>\n<li>Convert a VMware snapshot to produce a CORE file<\/li>\n<li>Extract memory from within a running system using AVML<\/li>\n<li>Extract memory from within a running system using LiME<\/li>\n<\/ul>\n<\/blockquote>\n<p>Memory snapshots of a running VM in Azure can be taken with a special sensor that captures the instance&#8217;s memory and moves it to an offline area for analysis without stopping its execution.<\/p>\n<p>Completed in the winter of 2019, this sensor capability is currently only available to Microsoft researchers and is not fielded to any of Microsoft&#8217;s commercial clouds\u2014executive briefings and demos are available. 
This sensor, coupled with the Freta analysis environment, demonstrates a path to cheap, automated memory forensic audits of large enterprises (10,000 VMs).<\/p>\n<p>When analysis is complete, Project Freta creates a report. The report data can also be obtained via a REST API and Python.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" alt=\"Freta Rootkits Figure UpdatedV\" height=\"531\" src=\"https:\/\/winaero.com\/blog\/wp-content\/uploads\/2020\/07\/Freta_Rootkits_Figure_UpdatedV.jpg\" width=\"927\"><\/p>\n<p class=\"\">The report contains an enumeration of system objects over the interval during which the sample was taken:<\/p>\n<ul>\n<li>Global values and addresses<\/li>\n<li>Debugged processes<\/li>\n<li>In-memory files<\/li>\n<li>Kernel interrupt table<\/li>\n<li>Kernel modules<\/li>\n<li>Kernel syscall table<\/li>\n<li>Networks<\/li>\n<li>Open files<\/li>\n<li>ARP table (arp)<\/li>\n<li>Open sockets<\/li>\n<li>Processes<\/li>\n<li>Unix sockets (lsof)<\/li>\n<\/ul>\n<\/div>\n<\/article>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/winaero.com\/blog\/microsoft-project-freta-is-intended-to-stop-malware-in-azure\/\" target=\"_blank\" rel=\"noopener noreferrer\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;#Microsoft\u2019s Project Freta is intended to stop malware in Azure&#8221; Project Freta is a new Microsoft Research project that introduces a virtual-machine (VM) forensics platform that stops malware. Users will be able to use Freta to find malicious software in the cloud. As Project&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[34380,34381,34286],"class_list":["post-22830","post","type-post","status-publish","format-standard","hentry","category-technology","tag-microsofts-project-freta-is-intended-to-stop-malware-in-azure","tag-project-freta","tag-software"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/22830","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=22830"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/22830\/revisions"}],"wp:attachment":[{"href":"h
ttps:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=22830"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=22830"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=22830"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}