Less than 1 month
30+ hrs/week
• Windows kernel-level program
  o Examine currently running processes to determine:
    o File location
    o Memory footprint
    o MD5 of file
  o Compare running processes to a supplied list of acceptable parameters for that process
  o All communication over encrypted channels
  o Alert on programs through encrypted communication to an external server
  o Receive terminate signals for programs at the kernel level, based on communication with the external server
  o File size: 88kB
• Linux kernel-level program
  o Examine ...