Channel: Security | DMA | Hacking

DMA attacking over USB-C and Thunderbolt 3

I just got an Intel NUC Skull Canyon that has a USB-C port capable of Thunderbolt 3. Thunderbolt is interesting since it's able to carry PCI Express, which is Direct Memory Access (DMA) capable. I have...

Disable Virtualization Based Security (VBS) on auto-booting systems

In this post I will show how it's possible to disable Windows 10 Virtualization Based Security (VBS), Credential and Device Guard, by corrupting in-memory structures prior to operating system boot. For...

Windows 10 KASLR Recovery with TSX

It is possible to break Kernel Address Space Layout Randomization (KASLR) on modern operating systems running on modern x86 CPUs. One possible way of doing this is to time certain operations when using...

macOS FileVault2 Password Retrieval

macOS FileVault2 lets attackers with physical access retrieve the password in clear text by plugging a $300 Thunderbolt device into a locked or sleeping Mac. The password may be used to unlock the...

Attacking UEFI Runtime Services and Linux

Attackers with physical access are able to attack the firmware on many fully patched computers with DMA - Direct Memory Access. Once code execution is gained in UEFI/EFI Runtime Services it is possible...

Attacking UEFI

Unlike Macs, many PCs are likely to be vulnerable to pre-boot Direct Memory Access (DMA) attacks against UEFI. If an attack is successful on a system configured with secure boot - then the chain of...

Introducing the Memory Process File System for PCILeech

The Memory Process File System for PCILeech is an easy and convenient way to quickly look into memory dumps. The processes in a memory dump and their virtual memory should be mapped as files and...

Total Meltdown?

Did you think Meltdown was bad? Unprivileged applications being able to read kernel memory at speeds possibly as high as megabytes per second was not a good thing. Meet the Windows 7 Meltdown patch from...

Remote LIVE Memory Analysis with The Memory Process File System v2.0

This blog entry aims to give an introduction to The Memory Process File System and show how easy it is to do high-performance memory analysis even from live remote systems over the network. This and much...

Introducing the LeechAgent

The LeechAgent is a 100% free open source endpoint solution geared towards remote physical memory acquisition and analysis on Windows endpoints in Active Directory environments. The LeechAgent provides...

Modifying the Acorn CLE-215+ FPGA into a PCILeech DMA attack device

PCILeech and MemProcFS allow for easy-to-use, user-friendly DMA attacks and hardware assisted memory analysis. This is possible since PCI Express supports DMA. Unfortunately production of compatible...
