Abstract: Systems and methods of detecting an exploit of a vulnerability of a computing device, including receiving an execution flow of at least one process running in a processor of the computing device, wherein the execution flow is received from a performance monitoring unit (PMU) of the processor, receiving memory pages from a memory of the computing device, reconstructing the execution flow of the process on another processor based on PMU data and the memory pages, running at least one exploit detection algorithm on the reconstructed process in order to identify an exploit attempt and issuing an alert.

Abstract: Systems and methods of detecting an exploit of a vulnerability of a computing device, including receiving an execution flow of at least one process running in a processor of the computing device, wherein the execution flow is received from a performance monitoring unit (PMU) of the processor, receiving memory pages from a memory of the computing device, reconstructing the execution flow of the process on another processor based on PMU data and the memory pages, running at least one exploit detection algorithm on the reconstructed process in order to identify an exploit attempt and issuing an alert.

Abstract: A system and method for cyber security, the system including a digital minefield layer implemented in a computing environment, including multiple decoy resources in various layers of an operating system of the computing environment, and a detection module to detect interaction with at least one of the decoy resources. The method includes deploying, by a digital minefield layer implemented in a computing environment, multiple decoy resources in various layers of an operating system of the computing environment, and monitoring the decoy resources by a detection module to detect interaction with at least one of the decoy resources.