US 12,189,780 B1
Detecting kernel exploits
Peter Laurence Markowsky, New York, NY (US)
Assigned to Capsule8, Inc., New York, NY (US)
Filed by Capsule8, Inc., Brooklyn, NY (US)
Filed on Jun. 15, 2021, as Appl. No. 17/348,680.
Application 17/348,680 is a continuation of application No. 16/698,925, filed on Nov. 27, 2019, granted, now 11,106,800.
Claims priority of provisional application 62/825,737, filed on Mar. 28, 2019.
Claims priority of provisional application 62/773,892, filed on Nov. 30, 2018.
Int. Cl. G06F 21/57 (2013.01); G06F 11/07 (2006.01); G06F 11/30 (2006.01); G06F 11/32 (2006.01); G06F 11/36 (2006.01); G06F 21/55 (2013.01)
CPC G06F 21/577 (2013.01) [G06F 11/0793 (2013.01); G06F 11/3093 (2013.01); G06F 11/327 (2013.01); G06F 11/3636 (2013.01); G06F 21/552 (2013.01); G06F 2221/034 (2013.01)]
20 Claims
 
1. A system, comprising:
a memory storing instructions; and
a processor configured by the instructions stored in the memory to:
monitor a kernel of a computing node for the activation of a set of one or more previously attached Kprobes;
determine that a strategy pattern match has occurred by detecting, with an activation of at least one of the previously attached Kprobes, a modification to a bit in a control register of the computing node that disables execution prevention or access prevention in a memory of the kernel of the computing node; and
take a remedial action in response to the determination that the strategy pattern has been matched.
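
The strategy match in claim 1, sketched as an added example (not code from the patent or from Capsule8). It assumes an x86-64 node, where the control register is CR4 and the execution-prevention and access-prevention bits are SMEP (bit 20) and SMAP (bit 21). The event struct, function names and action values are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* x86-64 CR4 bits; assumes the monitored node is x86-64. */
#define CR4_SMEP (1ULL << 20)  /* supervisor-mode execution prevention */
#define CR4_SMAP (1ULL << 21)  /* supervisor-mode access prevention */

/* Hypothetical record a Kprobe handler would emit for a CR4 write. */
struct cr4_write_event {
    uint64_t old_cr4;  /* register value before the write */
    uint64_t new_cr4;  /* value being written */
};

/* Hypothetical remedial actions; the claim does not enumerate them. */
enum action { ACTION_NONE = 0, ACTION_ALERT = 1 };

/* Return the watched bits that go from set to clear in this write.
 * A bit that was already clear (feature absent or disabled at boot)
 * is not a transition and is not reported. */
uint64_t cleared_protections(const struct cr4_write_event *ev)
{
    const uint64_t watched = CR4_SMEP | CR4_SMAP;
    return ev->old_cr4 & ~ev->new_cr4 & watched;
}

/* Strategy match: any watched bit cleared triggers the remedial action. */
enum action evaluate(const struct cr4_write_event *ev)
{
    return cleared_protections(ev) ? ACTION_ALERT : ACTION_NONE;
}

int main(void)
{
    /* Constructed sample events, not captured from a real system. */
    struct cr4_write_event samples[] = {
        { 0x3506e0, 0x3506e0 },  /* unrelated write, bits unchanged */
        { 0x3506e0, 0x2506e0 },  /* SMEP cleared */
        { 0x0506e0, 0x0506e0 },  /* bits were never set */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint64_t c = cleared_protections(&samples[i]);
        printf("event %zu: smep_cleared=%d smap_cleared=%d action=%d\n",
               i, !!(c & CR4_SMEP), !!(c & CR4_SMAP),
               (int)evaluate(&samples[i]));
    }
    return 0;
}
```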