Windows Server 2019 securekernel live debugging demo https://youtu.be/tRLQwsJQ-hU
Hyper-V is part of Microsoft Hyper-converged infrastructure https://docs.microsoft.com/en-us/windows-server/hyperconverged/. And this infrastructure is not popular now, according to what Gartner says. There was a completely different picture in 2015.
pic.twitter.com/Y6YrPQqFcX
Uhh, contest is lost ) https://www.securitylab.ru/contest/504415.php Article about web app vulns win: https://www.securitylab.ru/contest/499971.php Big thanks Securitylab and Positive Technologies for incentive prizes! https://twitter.com/gerhart_x/status/1169155010191613952
WinDBG is not successfully adopted to Windows securekernel, because there is no KdVersionBlock inside it, but it can still give useful information about modules. pic.twitter.com/dWyLfE82CT
Good whitepaper about Windows 10 secure kernel: "Live forensics on the Windows 10 securekernel (2017)" https://ntnuopen.ntnu.no/ntnu-xmlui/bitstream/handle/11250/2448948/18109_FULLTEXT.pdf
VMware TP 20H1 works with Hyper-V now, therefore guest OS memory can be read by LiveCloudKd. pic.twitter.com/bMqZu03hmi
Parsing securekernel IDT table using LiveCloudKd EXDi plugin. securekernel!SkiFatalException eq nt!KiIsrThunkShadow in that case and was missed. pic.twitter.com/wz7p1Pg78F
gerhart retweeted
The 7th part of the tutorial Hypervisor From Scratch is published! In this part, I described EPT. Thanks to Petr @PetrBenes as Hypervisor From Scratch could never have existed without his help and to Alex @aionescu for patiently answering my questions. https://rayanfam.com/topics/hypervisor-from-scratch-part-7/
There is a known 32-breakpoint kernel debugging limit in WinDBG. But using the EXDi extension you can add 671 breakpoints (e.g. command "bp nt!nt*", with many limitation warnings), and they will work. Breakpoint number 332 was triggered on the screenshot. pic.twitter.com/Si4TbuTQqG
A Hyper-V VM with the dynamic memory option enabled has many more physical memory blocks than a VM with a static memory size. pic.twitter.com/6XRiDCjbnK
Updated IDA PRO Hyper-V hvix64 hypercall handlers creation script with hypercall names from hvgdk.h https://github.com/gerhart01/Hyper-V-scripts/blob/master/CreatemVmcallHandlersTable20H1.py https://twitter.com/aionescu/status/1211103594692239361
Debugging Hyper-V docker container. Disk writing principle looks similar to Hyper-V VM, but we still see VSMB-named file handles in kernel. pic.twitter.com/qyILHL21O9
gerhart retweeted
With https://github.com/ionescu007/hdk/commit/0a952eb8fcb33353e90e47569201105904ab2df1, the (unofficial) Hyper-V Development Kit now includes the most complete and accurate public list of all Hyper-V Call Codes (way ahead of the TLFS which has not been updated in years). I hope this is useful to others -- cc @gerhart_x @AmarSaar
My 666th tweet. If you rotate Diablo images you can see some additional pictures ) Inspired by NBA Chicago Bulls team emblem. pic.twitter.com/SCcYBW6AFi
Debugging Windows Server 2019 Hyper-V shielded guest OS using LiveCloudKd EXDi plugin (breakpoints and single-step operations while). https://youtu.be/_8rQwB-ESlk
Corresponding LiveCloudKd build was shared: https://github.com/gerhart01/LiveCloudKd/releases/download/v1.2.20191512-beta/Release15.12.2019.zip
WinDBG 10 and WinDBG Preview, when parsing a DMP file, get the context region offset using the KPRCB.Context field instead of DUMP_HEADER64.ContextRecord. KPRCB.Context offsets can be found in DEBUGGER_DATA_BLOCK.OffsetPrcbContext. No additional fix is needed in LiveCloudKd for the dmp format any more. pic.twitter.com/6tuYjFtrmS
Pretty good workshop describing Windows driver DSE bypassing! https://github.com/theevilbit/workshops/tree/master/DSE%20Bypass%20Workshop It allows running LiveCloudKd with its own hvmm.sys driver on Windows Server 2019 with Dec 2019 patches and Secure Boot enabled. pic.twitter.com/G70ZAU0j1l
LiveCloudKd can do this now. Btw, replaced static structures for Gpar and MB blocks with dynamic searching functions. It must make hvmm.sys driver development more flexible for different OS versions. pic.twitter.com/5AORkDWdRs