IIScan: Detection and Analysis of IIS Native Modules in Volatile Memory
| Published in: | ProQuest Dissertations and Theses (2025) |
|---|---|
| Main author: | |
| Published: | ProQuest Dissertations & Theses |
| Subjects: | |
| Online access: | Citation/Abstract; Full Text - PDF; Full text outside of ProQuest |
MARC
| LEADER | | | 00000nab a2200000uu 4500 |
|---|---|---|---|
| 001 | | | 3275477681 |
| 003 | | | UK-CbPIL |
| 020 | | | \|a 9798265413277 |
| 035 | | | \|a 3275477681 |
| 045 | 2 | | \|b d20250101 \|b d20251231 |
| 084 | | | \|a 66569 \|2 nlm |
| 100 | 1 | | \|a Calato, Brennen Dionisio |
| 245 | 1 | | \|a IIScan: Detection and Analysis of IIS Native Modules in Volatile Memory |
| 260 | | | \|b ProQuest Dissertations & Theses \|c 2025 |
| 513 | | | \|a Dissertation/Thesis |
| 520 | 3 | | \|a The Internet Information Services (IIS) is a Microsoft-developed web server designed with a modular architecture to foster extensibility. Its worker process loads all IIS modules when the server receives a request, and native modules operate with the same level of access as the worker process. The built-in persistence and resource access make malicious modules powerful tools post-compromise. This thesis focuses on identifying all native modules in the system by analyzing volatile memory. Through binary analysis of the worker process, we identify critical data structures containing information about system modules. We developed two Volatility plugins to assist in detecting these modules and extracting critical information, offering valuable tools for memory forensics of IIS web servers. |
| 653 | | | \|a Evidence |
| 653 | | | \|a Internet |
| 653 | | | \|a Application programming interface |
| 653 | | | \|a Forensic sciences |
| 653 | | | \|a Debugging |
| 653 | | | \|a Information services |
| 653 | | | \|a Malware |
| 653 | | | \|a Criminal investigations |
| 653 | | | \|a Customization |
| 653 | | | \|a Dynamic link libraries |
| 653 | | | \|a Servers |
| 653 | | | \|a Computer forensics |
| 653 | | | \|a Factories |
| 653 | | | \|a Computer science |
| 773 | 0 | | \|t ProQuest Dissertations and Theses \|g (2025) |
| 786 | 0 | | \|d ProQuest \|t ProQuest Dissertations & Theses Global |
| 856 | 4 | 1 | \|3 Citation/Abstract \|u https://www.proquest.com/docview/3275477681/abstract/embedded/6A8EOT78XXH2IG52?source=fedsrch |
| 856 | 4 | 0 | \|3 Full Text - PDF \|u https://www.proquest.com/docview/3275477681/fulltextPDF/embedded/6A8EOT78XXH2IG52?source=fedsrch |
| 856 | 4 | 0 | \|3 Full text outside of ProQuest \|u https://repository.lsu.edu/gradschool_theses/6118/ |