MemProcFS 代码问题漏洞

MemProcFS is a physical memory virtual file system analysis tool developed by Ulf Frisk. Versions of MemProcFS prior to 5.17 contained code vulnerabilities. These vulnerabilities stemmed from multiple insecure library loading patterns, which could lead to DLL and shared library hijacking, allowin...

Malware Detection through Memory Analysis

This paper summarizes the research conducted for a malware detection project using the Canadian Institute for Cybersecurity's MalMemAnalysis-2022 dataset. The purpose of the project was to explore the effectiveness and efficiency of machine learning techniques for the task of binary classificatio...

VulAgent: Hypothesis-Validation Based Multi-Agent Vulnerability Detection

The application of language models to project-level vulnerability detection remains challenging, owing to the dual requirement of accurately localizing security-sensitive code and correctly correlating and reasoning over complex program context. We present VulAgent, a multi-agent vulnerability...

pwntools

This is a CTF framework and exploit development library. It is a Python library for exploit development and reverse engineering. The library provides a set of tools for creating and executing exploits, as well as for analyzing and debugging binary files. The library is designed to be extensible a...

Exploit for Inclusion of Functionality from Untrusted Control Sphere in Sudo_Project Sudo

About This Project This project was developed as part of the...

VolWeb - A Centralized And Enhanced Memory Analysis Platform

VolWeb is a digital forensic memory analysis platform that leverages the power of the Volatility 3 framework. It is dedicated to aiding in investigations and incident responses. Objective The goal of VolWeb is to enhance the efficiency of memory collection and forensic analysis by providing a...

MemTracer - Memory Scaner

MemTracer is a tool that offers live memory analysis capabilities, allowing digital forensic practitioners to discover and investigate stealthy attack traces hidden in memory. The MemTracer is implemented in Python language, aiming to detect reflectively loaded native .NET framework Dynamic-Link...

Breaking the Zeppelin Ransomware Encryption Scheme

Brian Krebs writes about how the Zeppelin ransomware encryption scheme was broken: The researchers said their break came when they understood that while Zeppelin used three different types of encryption keys to encrypt files, they could undo the whole scheme by factoring or computing just one of...

Rip Raw - Small Tool To Analyse The Memory Of Compromised Linux Systems

Rip Raw is a small tool to analyse the memory of compromised Linux systems. It is similar in purpose to Bulk Extractor, but particularly focused on extracting system Logs from memory dumps from Linux systems. This enables you to analyse systems without needing to generate a profile. This is not a...

Exploit for Improper Resource Shutdown or Release in Torproject Tor

CVE-2021-46702 Description: Tor Browser 9.0.7 on Windows 10...

CVE-2021-46702

Tor Browser 9.0.7 on Windows 10 build 10586 is vulnerable to information disclosure. This could allow local attackers to bypass the intended anonymity feature and obtain information regarding the onion services visited by a local user. This can be accomplished by analyzing RAM memory even several...

MemProcFS - The Memory Process File System

The Memory Process File System is an easy and convenient way of accessing physical memory as files a virtual file system. Easy trivial point and click memory analysis without the need for complicated commandline arguments! Access memory content and artifacts via files in a mounted virtual file...

Breaking (bad) firmware encryption. Case study on the Netgear Nighthawk M1

TL;DR The firmware encryption for the Netgear Nighthawk M1 is mainly XOR. It’s possible to derive the XOR key by statistical analysis, just from the firmware update file itself. It’s then possible to extract an AES key from what’s XOR’d, which can be used to decrypt other parts of the firmware...

Finding Evil in Windows 10 Compressed Memory, Part One: Volatility and Rekall Tools

Paging all digital forensicators, incident responders, and memory manager enthusiasts! Have you ever found yourself at a client site working around the clock to extract evil from a Windows 10 image? Have you hit the wall at step zero, running into difficulties viewing a process tree, or enumerati...

mXtract v1.2 - Memory Extractor & Analyzer

mXtract is an opensource linux based tool that analyzes and dumps memory. It is developed as an offensive pentration testing tool, its primary purpose is to scan memory for private keys, ips, and passwords using regexes. Remember, your results are only as good as your regexes. Screenshots Scan wi...

PowerShellArsenal - A PowerShell Module Dedicated To Reverse Engineering

PowerShellArsenal is a PowerShell module used to aid a reverse engineer. The module can be used to disassemble managed and unmanaged code, perform .NET malware analysis, analyze/scrape memory, parse file formats and memory structures, obtain internal system information, etc. PowerShellArsenal is...

mXtract - Memory Extractor & Analyzer

An opensource linux based tool that analyses and dumps memory. Its developed as an offensive pentration testing tool which can be used to scan memory for private keys, ips, and passwords using regexes. Remember your results are only as good as your regexes. Screenshots Scan with verbose and with ...

CIRTKit - Tools For The Computer Incident Response Team

One DFIR console to rule them all. Built on top of theViper Framework Documentation Please see the wiki for more information about CIRTKit and documentation Roadmap Future integrations Bit9 Palo Alto Networks EnCase/FTK Future modules Packet Analysis possibly Dshell Javascript...

Query Windows Machine for RAM Artifacts: memtriage

Allows you to quickly query a live Windows machine for RAM artifacts. This tool utilizes the Winpmem drivers to access physical memory, and Volatility for analysis. Caveats: Doesn’t work with Device Guard enabled. Should be tested on machines before deploying. Example Usage usage: memtriage.exe -...

GRR Rapid Response - Remote Live Forensics For Incident Response

GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR...