Memory has long been subject to many eyes, from both offensive and defensive sides, from fileless malware to debugging and troubleshooting through memory inspection. It is becoming more and more common to encounter servers with terabytes of memory, but also to spin up and shut down temporary servers because of containers, where only plain text logs are collected. And this is without mentioning hybrid servers like Windows with WSL (Windows Subsystem for Linux) enabled.
A lot of very exciting things are being rolled out by cloud providers, but they are also creating blind spots from a monitoring point of view. Let’s explore together how memory integrity can be used as a more robust form of logs than plain text logs for those new scenarios.