Abstract: Methods and systems provide for detecting exploitation of kernel vulnerabilities which typically corrupt memory. The methods and systems are implemented, for example, via a host, which includes a hypervisor, which controls the operating system (OS) user space and the OS kernel space.

Abstract: Methods and systems for the detection of receipt of potentially malicious web content by a web clients are disclosed. These methods and systems comprise elements of hardware and software for obtaining a sandbox environment on a server, wherein the sandbox is configured according to the system characteristics of the client device, emulating web requests and responses of the web client in the sandbox; and analyzing the behavior of components in the sandbox during processing of received web content.

Abstract: Methods and systems provide for detecting exploitation of kernel vulnerabilities which typically corrupt memory. The methods and systems are implemented, for example, via a host, which includes a hypervisor, which controls the operating system (OS) user space and the OS kernel space.

Abstract: A method of inspecting content intended for a workstation to detect content that performs malicious exploits, including receiving the content for inspection at an inspection server using a processor and memory, loading a virtual machine at the inspection server with an operating system and processes for activating the content, wherein the operating system and processes are similar to those executed at the intended workstation, activating the content in the virtual machine, tracing activity of the virtual machine to form trace data by using features of the processor, wherein upon occurrence of an exception control is transferred to an analyzer that analyzes the trace data based on a context of the exception; and a notification is provided if suspicious activity is detected.

Abstract: A method of inspecting content intended for a workstation to detect content that performs malicious exploits, including receiving the content for inspection at an inspection server using a processor and memory, loading a virtual machine at the inspection server with an operating system and processes for activating the content, wherein the operating system and processes are similar to those executed at the intended workstation, activating the content in the virtual machine, tracing activity of the virtual machine to form trace data by using features of the processor, wherein upon occurrence of an exception control is transferred to an analyzer that analyzes the trace data based on a context of the exception; and a notification is provided if suspicious activity is detected.