Ulf Frisk

@UlfFrisk

IT-Security Minion | DMA Hacker | | PCILeech | MemProcFS

Sweden
Joined: April 2016

Media

  1. Jan 26

    Anyone know if there are plans for nested Hyper-V on AMD/EPYC/Ryzen?

  2. Jan 21

    Got myself a new AMD 😀 can't wait to try it out! Hopefully cooler will arrive tomorrow...

  3. Jan 7

    PCILeech FPGA custom PCIe configspace now supported! Mimic real devices more closely for research purposes 😈 Also, code signing of binaries.

  4. Jan 4

    same UEFI DMA attack I demoed at 34c3 still work 2 years later on my brand new high-end laptop with most recent UEFI 😥

  5. Dec 27, 2019

    Arrived at 36C3 😀

  6. Dec 20, 2019

    Just got a completely user-settable PCIe configuration space up and running for PCILeech PCIe FPGA devices. Should allow for some interesting future research 😈

  7. Dec 19, 2019

    Pypykatz RegSecrets added to MemProcFS. Click on memory dump file to pwn & extract password hashes and other secrets from registry 😈 Super thanks to for all awesome work! Grab MemProcFS and auto-install the plugin.

  8. Dec 19, 2019
    Reply to a user

    wow, this is super nice, awesome work! - so many possibilities 😈 and it's super fast :) Thank You! I hope it's OK for me to code a small MemProcFS plugin around this?

  9. Dec 3, 2019

    MemProcFS v3.0 finally released 🔥 Super fast memory analysis in convenient file system or C/Python API. Now support Threads, Handles, VADs! Completely rewritten memory core -> way better memory&file recovery rates 😀

  10. Oct 14, 2019

    NeTV2 support for PCILeech and MemProcFS released! 7MB/s memory read/write over 100Mbit UDP. Raw PCIe TLP access! Plenty of speed for many DMA attacks 😈 also for MemProcFS memory forensics, analysis and debugging 😀

  11. Oct 11, 2019

    2nd NeTV2 (35T-model) now working beautifully with PCILeech and MemProcFS too - after cleaning the PCIe with soap! Super stable 7MB/s over 100Mbit ETH. Let's do some weekend coding and release next week 😀

  12. Oct 3, 2019

    DMA with NeTV2 and PCILeech over UDP. Only ~1MB/s right now, still plenty for MemProcFS to parse memory into virtual file system and create live memdump for WinDbg

  13. Sep 23, 2019

    WinDbg your raw memory dumps! - MemProcFS v2.10 now create WinDbg compatible dump file on the fly from any Win7/8/10 physical memory. Live memory from driver or PCILeech PCIe FPGA device works too 😀

  14. Sep 11, 2019

    MemProcFS v2.9 full registry support finally released! Easy-to-use and fast live memory analysis via mounted virtual file system or Python/C/C++ API!

  15. Aug 30, 2019

    Working on registry support for MemProcFS, still in early stages. Parsing semi-broken reghives from memory and showing them in the virtual file system 😀

  16. Aug 21, 2019

    Added Win10 MemCompression support to MemProcFS v2.8 - Easy-to-use live memory analysis via mounted virtual file system or Python/C/C++ API!

  17. Aug 10, 2019

    Waiting for and talk "Get off the Kernel if you can’t Drive" to start now at track1

  18. Aug 7, 2019

    PCILeech DMA attack demos at BlackHat with picoDMA by Joel Sandin and Ben Blaxill

  19. Jun 28, 2019

    MemProcFS v2.7 - fast multi-threaded memory analysis in easy to use file system! Analyze memory dump files or live memory using PCILeech FPGA device or agent/driver. New modules: Net TCP connections and Physical to Virtual memory scan.

  20. Jun 25, 2019

    Working on new PCILeech/MemProcFS functionality. phys2virt module scan page tables of 200+ processes from live system for virtual addresses mapping to physical address in 10 seconds 😀 Multi-threaded memory analysis is super nice and super fast!
