mnin.blogspot.com
In this blog post, we'll examine Stuxnet's footprint in memory using Volatility 2.0. A talk was given at the Open Memory Forensics Workshop on this topic (see the online Prezi) and the details will be shared here for anyone who missed it. I picked this topic for two reasons. First, Stuxnet modifies an infected system in ways that are perfect for showing off many of the new capabilities in Volatil
There are various ways of finding objects and data structures in a memory dump. Two of the popular ways include list traversal (or pointer traversal) and pool scanning. Depending on which plugin you use, Volatility allows you to enumerate processes, sockets, connections, and kernel modules using both of these methods. Regarding threads, however, there is only one plugin, named thrdscan2, which use
Coding, Reversing, Exploiting