BlueHat IL 2019 - Ulf Frisk - Practical Uses for Hardware-assisted Memory Visualization

In this talk, we will explain and demo state-of-the-art hardware-assisted memory visualization and analysis. This method highlights a different perspective on the internals of a running system and was used to find the "Total Meltdown" vulnerability.

We'll showcase the Memory Process File System, which is a different way of visualizing in-memory Windows internals as files in a file system. It brings an easy, yet powerful, point and click interface for memory analysis of processes and in-memory objects, along with an extensive C and Python API. Combined with PCILeech PCIe DMA hardware memory acquisition devices, it even allows simplified read-write access for the entire memory in real-time.

In addition to explaining the framework and setup, we'll demo and show many different uses for this approach: from finding Total Meltdown, to cheating in games, and analyzing malware on physical hardware.

Reviewed by Anonymous on September 26, 2019 Rating: 5