Tweets

  1. Jan 29

    Windows Server 2019 securekernel live debugging demo

  2. Jan 27

    Hyper-V is part of Microsoft Hyper-converged infrastructure. And this infrastructure is not popular now, according to Gartner. There was a completely different picture in 2015.🤔

  3. Jan 27

    Uhh, contest is lost ) Article about web app vulns win: Big thanks to Securitylab and Positive Technologies for incentive prizes!

  4. Jan 26

    WinDBG is not successfully adapted to the Windows securekernel, because there is no KdVersionBlock inside it, but it can still give useful information about modules.

  5. Jan 25

    Good whitepaper about the Windows 10 secure kernel: "Live forensics on the Windows 10 securekernel (2017)"

  6. Jan 23

    VMware TP 20H1 works with Hyper-V now, therefore guest OS memory can be read by LiveCloudKd.

  7. Jan 21

    Parsing securekernel IDT table using LiveCloudKd EXDi plugin. Securekernel!SkiFatalException eq nt!KiIsrThunkShadow in that case and was missed.

  8. Retweeted
    Jan 20

    The 7th part of the tutorial Hypervisor From Scratch is published! In this part, I described EPT. Thanks to Petr as Hypervisor From Scratch could never have existed without his help and to Alex for patiently answering my questions.

  9. Jan 19

    There is a known 32-breakpoint kernel debugging limit in WinDBG. But using the EXDi extension you can add 671 breakpoints (e.g. command "bp nt!nt*", with many limitation warnings), and they will work. Breakpoint number 332 was triggered in the screenshot.

  10. Jan 5

    A Hyper-V VM with the dynamic memory option enabled has many more physical memory blocks than a VM with static memory size.

  11. Jan 4
  12. Jan 3

    Debugging Hyper-V docker container. Disk writing principle looks similar to Hyper-V VM, but we still see VSMB-named file handles in kernel🤔

  13. Retweeted
    Dec 28, 2019

    With , the (unofficial) Hyper-V Development Kit now includes the most complete and accurate public list of all Hyper-V Call Codes (way ahead of the TLFS which has not been updated in years). I hope this is useful to others -- cc

  14. Dec 25, 2019

    My 666th tweet. If you rotate Diablo images you can see some additional pictures ) Inspired by NBA Chicago Bulls team emblem.

  15. Dec 20, 2019

    Debugging Windows Server 2019 Hyper-V shielded guest OS using LiveCloudKd EXDi plugin (breakpoints and single-step operations while).

  16. Dec 18, 2019
  17. Dec 15, 2019

    WinDBG 10 and WinDBG Preview, when parsing a DMP file, get the context region offset using the KPRCB.Context field instead of DUMP_HEADER64.ContextRecord. KPRCB.Context offsets can be found in DEBUGGER_DATA_BLOCK.OffsetPrcbContext. No additional fix is needed in LiveCloudKd for the dmp format anymore.

  18. Dec 14, 2019

    Workshop author is

  19. Dec 14, 2019

    Pretty good workshop, describing Windows drivers DSE bypassing! It allows running LiveCloudKd with its own hvmm.sys driver on Windows Server 2019 with Dec 2019 patches and Secure Boot enabled.

  20. Dec 10, 2019

    LiveCloudKd can do this now. Btw, replaced static structures for Gpar and MB blocks with dynamic searching functions. It must make hvmm.sys driver development more flexible for different OS versions.
