Collaborate Disseminate
Most of us have a pretty simple model of how a computer works. The CPU fetches instructions and data from memory, executes them, and writes data back to memory. That model is a good enough abstraction for most of what we do, but it hasn’t really been true for a …read more
The field of maliciously accessing another process’s memory has been broadly studied in the Linux environment.
But for some reason I am not able to find similar discussion/similarities for the Docker environment, even despi… Continue reading Docker container which reads memory belonging to another container
So lets say we have a rootkit on our system
can this rootkit write something inside a kernel process?
for example in windows, can a rootkit write to ntoskrnl process, changing some functions and creating a new one, therefor… Continue reading Can a rootkit write to a virtual memory of a kernel process and rewrite a instruction to jump into his own malicious code inside that process?
Im a noob with virtual boxes, I have realtek rtl8812au but it does not get detected in virtual box. Can you guys help me with it. my host is an ubuntu 18.04 version.
I’m trying to decrypt a file in memory and this file was encrypted with openssl.
For doing that, i use mmap for loading my encrypted file in memory like that:
void* src = mmap(0, statbuf.st_size,PROT_READ | PROT_WRITE, MAP_S… Continue reading How to decrypt a file in virtual memory in C
The year so far has been filled with news of Spectre and Meltdown. These exploits take advantage of features like speculative execution, and memory access timing. What they have in common is the fact that all modern processors use cache to access memory faster. We’ve all heard of cache, but what exactly is it, and how does it allow our computers to run faster?
In the simplest terms, cache is a fast memory. Computers have two storage systems: primary storage (RAM) and secondary storage (Hard Disk, SSD). From the processor’s point of view, loading data or instructions from RAM is …read more
Assuming there is a virtual function table entry which I want to sanitize, and I can add code into the program I want to protect in order to enforce the sanitization, can somebody shed some light how to do that?
The essentia… Continue reading How to sanitize the virtual function table entries within the process?
I was trying to run shellcode with a specific token in C# and my code is
public static void RunShellCode (NtToken token ,byte[] command) {
byte[] shell_code = new byte[command.Length];
shell_code = command… Continue reading Can we run a shellcode with a specific access token in C#
I have heard that Ring 1 and Ring 2 memory protections are basically no-longer used within modern systems.
However, when I checked into things, all I found was that these rings are somehow associated with drivers and driver … Continue reading Ring 1 and Ring 2 Memory Protection Architecture
I had a conversation with @anger32 who states that zeroing a physical memory page frame when passing the page backed by that frame to another process is not the responsibility of OSes like Windows and Linux (though they do th… Continue reading Reading physical memory frame previously owned by another process to read contents of its memory page