Abyss Watcher

Results 29 comments of Abyss Watcher

Hi @petterpet, I found that the problem was a duplicated "vars" file ("/etc/openvpn/easy-rsa/vars" : old location, "/etc/openvpn/easy-rsa/pki/vars" : new location). So I tweaked the script to store the variables in...

Glad it worked ! It was really annoying, as this project was exactly what I was looking for ... Yeah it was not really clean, I should have thought to...

Hi, compile dwarfdump directly from source, instead of using the one provided by "apt" : https://github.com/davea42/libdwarf-code

Hasn't this plugin been replaced by : https://github.com/AsafEitani/rootkit_plugins/blob/main/plugins/check_seqops.py, at least for kernels after https://elixir.bootlin.com/linux/v4.17.19/source/include/net/tcp.h ?

Hello, looking forward to implementing Linux aarch64 support for Volatility3, I will work on this subject starting from now. This does not imply that I will be able to provide...

Hi @ikelos, thanks for your quick replies ! I will check each of your comments right now, as I have some spare time. Regarding your general concern regarding `mapping`, it...

Here is what a typical layer instantiation debug looks like : Kernel layer instantiated by `LinuxStacker` and a higher stacker : ```sh DEBUG volatility3.framework.automagic.linux: Linux ASLR shift values determined: physical...

Hi @garanews, could we discuss it in Slack DMs, to avoid filling the PR with comments ? I'll post a summary here if we get this fixed :) edit...

> Can you please provide the steps to build it for aarch64? Was trying to do it on an aws ec2, and I am not able to.

Hi, here is...

> @eve-mem thanks. > > I try dwarf2json to the kernel > > ``` > dwarf2json linux --elf linux.elf > Failed linux processing: could not open linux.elf: bad magic number...