
Project Freta, a free service that allows finding malware in OS memory snapshots



Microsoft launched Project Freta, a free service that allows users to find malware, including rootkit, in operating system memory snapshots.

Microsoft has unveiled a new project, dubbed Project Freta, for the discovery of malicious code in operating system memory snapshots.

Project Freta is a cloud-based service that allows users to collect forensic evidence of attacks on Linux systems, including artifacts related to rootkits and other sophisticated malware. The project currently supports only Linux systems; Microsoft plans to add support for investigating Windows systems in the future.

This initial release of Project Freta supports over 4,000 Linux kernels.

The name comes from Warsaw’s Freta Street, the birthplace of Marie Curie, who brought X-ray medical imaging to the battlefield.

“While snapshot-based memory forensics is a field now in its second decade, no commercial cloud has yet provided customers the ability to perform full memory audits of thousands of virtual machines (VMs) without intrusive capture mechanisms and a priori forensic readiness.” reads the project description. “Just as yesteryear’s film cameras and today’s smartphones have similar megapixels but vastly different ease of use and availability, Project Freta intends to automate and democratize VM forensics to a point where every user and every enterprise can sweep volatile memory for unknown malware with the push of a button—no setup required.”

Project Freta is a snapshot-based memory forensic solution that was designed to automate full-system volatile memory inspection of virtual machine (VM) snapshots.

According to Microsoft, the solution is transparent to the malware: because the malicious code cannot detect the sensor before starting its infection chain, the evasion techniques it implements are ineffective.

The analysis service inspects processes, global values and addresses, in-memory files, debugged processes, kernel components, networks, ARP tables, open files, open sockets, and Unix sockets.
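Microsoft has not published the internals of Freta’s analysis, so the following is an added illustration rather than the project’s own code: it shows the general cross-view technique that snapshot-based memory forensics tools commonly use to expose a process hidden by a kernel rootkit. The toy snapshot layout (a 28-byte task record with pid, next and prev pointers and a 16-byte name, plus a separate pid table) is an assumption made for the example and does not mirror any real kernel; the process names and pids are constructed sample data.

```python
import struct

# Constructed toy layout of a memory image (an assumption for this example, not a real
# kernel structure): each task record is 28 bytes, little-endian.
#   pid  (u32), next (u32 offset), prev (u32 offset), comm (16 bytes, NUL padded)
TASK_FMT = "<III16s"
TASK_SIZE = struct.calcsize(TASK_FMT)  # 28


def build_snapshot(tasks, hidden_pids=()):
    """Lay out task records consecutively and link them into a circular doubly-linked
    list. Tasks whose pid is in hidden_pids are left in memory and in the pid table but
    unlinked from the list, which is how a DKOM-style rootkit hides a process from
    tools that only walk the task list. Returns (image bytes, {pid: offset})."""
    visible = [i for i, (pid, _) in enumerate(tasks) if pid not in hidden_pids]
    if not visible:
        raise ValueError("at least one task must remain linked")
    image = bytearray(TASK_SIZE * len(tasks))
    pid_table = {}
    for i, (pid, name) in enumerate(tasks):
        off = i * TASK_SIZE
        pid_table[pid] = off
        if i in visible:
            k = visible.index(i)
            nxt = visible[(k + 1) % len(visible)] * TASK_SIZE
            prv = visible[(k - 1) % len(visible)] * TASK_SIZE
        else:
            nxt = prv = off  # unlinked record points at itself
        struct.pack_into(TASK_FMT, image, off, pid, nxt, prv, name.encode())
    return bytes(image), pid_table


def read_task(image, off):
    """Decode one task record at the given offset into (pid, next, prev, name)."""
    pid, nxt, prv, comm = struct.unpack_from(TASK_FMT, image, off)
    return pid, nxt, prv, comm.rstrip(b"\0").decode()


def walk_task_list(image, head_off):
    """View 1: the process list as the kernel's own task list reports it. Follows next
    pointers from the head and stops on a cycle or on an implausible number of nodes,
    so a corrupted image cannot loop forever."""
    procs, seen, off = {}, set(), head_off
    limit = len(image) // TASK_SIZE
    while off not in seen and len(seen) <= limit:
        seen.add(off)
        pid, nxt, _, comm = read_task(image, off)
        procs[pid] = comm
        off = nxt
    return procs


def scan_pid_table(image, pid_table):
    """View 2: every task record reachable through the pid table, regardless of linkage."""
    return {pid: read_task(image, off)[3] for pid, off in pid_table.items()}


def find_hidden(image, head_off, pid_table):
    """Cross-view check: anything the pid table knows about but the task list does not
    is a candidate hidden process."""
    listed = walk_task_list(image, head_off)
    tabled = scan_pid_table(image, pid_table)
    return {pid: name for pid, name in tabled.items() if pid not in listed}


if __name__ == "__main__":
    # Constructed sample: four processes, one of them unlinked by a hypothetical rootkit.
    sample = [(1, "init"), (42, "sshd"), (1337, "evil"), (2001, "bash")]
    img, table = build_snapshot(sample, hidden_pids={1337})
    print("task list view :", walk_task_list(img, table[1]))
    print("pid table view :", scan_pid_table(img, table))
    print("hidden         :", find_hidden(img, table[1], table))
```

The same idea generalises to the other artifact classes listed above: each is enumerated through two independent paths in the snapshot (for example, sockets from the network stack versus sockets from per-process file tables) and any disagreement is reported, which is what makes an offline snapshot hard to evade from inside the guest.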

Project Freta is available through a portal that allows users to upload their operating system images for analysis. The platform produces results that can be accessed directly on the portal or through REST and Python APIs.


To that effect, the “trusted sensing system” works by tackling four different aspects that would make systems immune to such attacks in the first place by preventing any program from:

In addition to adding Windows support, Microsoft plans on extending analysis capabilities and implementing AI-based decision-making for detecting new threats.

“Project Freta’s second component for achieving trusted sensing is a sensor built for Azure that allows operators to migrate the volatile memory of live virtual machines to an offline analysis environment without disrupting execution,” concludes the post. “Completed in the winter of 2019, this sensor capability is currently only available to Microsoft researchers and is not fielded to any of our commercial clouds—executive briefings and demos are available. This sensor, coupled with the Freta analysis environment, demonstrates a path to cheap, automated memory forensic audits of large enterprises (10,000+ VMs).”

The documentation for Project Freta is available here.


Pierluigi Paganini

(SecurityAffairs – Freta project, malware)
