Mathieu Tarral
At the moment we rely on parsing LibVMI's JSON rekall profile and inserting the entries into radare's flagspace. This will only bring us kernel symbols, and it needs Rekall in...
LibVMI only allows setting a memory access event on an already mapped page, since it needs access to the page frame
Currently we attach to a process by listening to CR3 events. We should enumerate the threads, pick the first one, find the thread context and read the value of `rip`...
LibVMI caches the data after a read. We need to flush the caches when the VM has been running and then paused. `__wait` is a good start.
To be really useful, we need to be able to attach to a new process being created, and break on the entrypoint. This address should be in the `Win32StartAddress` field...
issue is opened on `r2pipe`: https://github.com/radare/radare2-r2pipe/issues/54
Hi, at the moment, we can request the nested virtualization in the Vagrantfile with `libvirt.nested = true`. However, if the nested virtualization is disabled on the host, vagrant does not...
Hi, I'm using your plugin, version `3.4.0.1`. I previously inserted in my database 3 types of nodes: - `OS` - `Syscall` - `Process` I cleaned up the database using `py2neo`...
Hi, I'm developing a small application with VueJS, Neo4j and GraphQL. Unfortunately, when Vue is trying to load the data from the GraphQL endpoint, my browser complains that a `Cross-Origin`...
Hi! I'm using neo4j-graphql to query a neo4j database containing information about system calls. I inserted 2 kinds of nodes into the database: - `SyscallTable` - `Syscall` After insertion,...