Aemartinez (talk | contribs)

=== Success Criteria ===
== Updates ==
=== 2014-08-08 ===
Summary of the week:
* Linux program to check libs for regexp done.
* Port Windows EnumProcessModules to Go: 50% (only ported EnumProcesses and started with EnumProcessModules)
* Mac: Program to list memory regions of a pid. This enables us to do vm_read to read arbitrary memory addresses.
* We now have a repository on GitHub: https://github.com/mozilla/migmem
Plan for next week:
* Research more about Mac, read The Art of Memory Forensics.
* Read about: Hollow process detection
** influence of ASLR? /proc/sys/kernel/randomize_va_space
* Finish porting Windows EnumProcessModules to Go.
* Write a symbol table attack in C and write the module that detects it.
=== 2014-08-01 ===
Summary of the week: