.png)
Dumpscan is a command-line tool designed to extract and dump secrets from kernel and Windows Minidump formats. Kernel-dump parsing is provided by volatility3. Features x509 Public and Private key (PKCS #8/PKCS #1) parsing SymCrypt parsing Supported structures SYMCRYPT_RSAKEY – Determines if the key structure also has a private key Matching to public certificates found in the same process More …
Tag Archives: Kernel
Dnx Firewall – A Pure Python Next Generation Firewall Built On Top Of Linux Kernel/Netfilter
DNX Firewall is an optimized/high performance collection of applications or services to convert a standard linux system into a zone based next generation firewall. All software is designed to run in conjunction with eachother, but with a modular design certain aspects can be completely removed with little effort. The primary security modules have DIRECT/INLINE control …
KsDumper : Dumping Processes Using The Power Of Kernel Space
KsDumper is a dumping processes using the power of kernel space. It is a custom driver that would allow me to copy the process memory without using OpenProcess. Features Dump any process main module using a kernel driver (both x86 and x64) Rebuild PE32/PE64 header and sections Works on protected system processes & processes with …
Continue reading “KsDumper : Dumping Processes Using The Power Of Kernel Space”
Icebox : Virtual Machine Introspection, Tracing & Debugging
Icebox is a Virtual Machine Introspection solution that enable you to stealthily trace and debug any process (kernel or user). It’s based on project Winbagility. Files which might be helpful: INSTALL.md: how to install icebox. BUILD.md: how to build icebox. Project Organization fdp: Fast Debugging Protocol sources icebox: Icebox sources icebox: Icebox lib (core, os …
Continue reading “Icebox : Virtual Machine Introspection, Tracing & Debugging”
SALT – SLUB ALlocator Tracer for the Linux Kernel
Welcome to salt, a tool to reverse and learn kernel heap memory management. It can be useful to develop an exploit, to debug your own kernel code, and, more importantly, to play with the kernel heap allocations and learn its inner workings. This tool helps tracing allocations and the current state of the SLUB allocator in …
Continue reading “SALT – SLUB ALlocator Tracer for the Linux Kernel”
Tyton : Kernel-Mode Rootkit Hunter
Tyton Linux Kernel-Mode Rootkit Hunter for 4.4.0-31+. Detected Attacks Hidden Modules Syscall Table Hooking Network Protocol Hooking Netfilter Hooking Zeroed Process Inodes Process Fops Hooking Interrupt Descriptor Table Hooking Also Read:Hatch – Brute Force Tool That Is Used To Brute Force Most Websites Additional Features Notifications: Users (including myself) do not actively monitor their journald …
Kemon – An Open-Source Pre & Post Callback-Based Framework For macOS Kernel Monitoring
Kemon is an open-source Pre and Post callback-based framework for macOS kernel monitoring. With the power of it, we can easily implement LPC communication monitoring, MAC policy filtering, kernel driver firewall, etc. In general, from an attacker’s perspective, this framework can help achieve more powerful Rootkit. From the perspective of defense, it can help construct …