
Parse BMC cache

Open MariasStory opened this issue 2 years ago • 1 comments

Hi team, thanks again for this very cool tool. Please implement a BMC cache parser for the remote desktop cache. The tool I am using: https://github.com/ANSSI-FR/bmc-tools The images are little squares from the remote desktop sessions. They can be reconstructed and give valuable insight into RDP-related attacks.

MariasStory avatar Sep 01 '22 17:09 MariasStory

This could be very useful, thanks for pointing it out. I don't know French, but the license summary of the above tool does not seem compatible with ours:

Strong copyleft license made by three French public research organisations, CEA, CNRS, and Inria, compatible with AGPL-3.0, EUPL-1.1, and GPL-2.0, or later versions of those licenses.

But integrating it as a plugin module loaded at runtime may be possible...

lfcnassif avatar Sep 01 '22 18:09 lfcnassif

This seems very simple, as the cache has only the tile images to be extracted. I implemented a parser that works for BIN files in the RDPTilesCache branch.

patrickdalla avatar Oct 31 '22 12:10 patrickdalla
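
A sketch of the tile extraction discussed in the comment above, added here as an example; it is not the code from the RDPTilesCache branch or from bmc-tools. It assumes the BIN layout noted in the comments (magic `RDP8bmp`, 12-byte file header, then a 12-byte header plus 32-bit pixels per tile); `parse_bin_cache`, `build_sample` and the 64-pixel bound are hypothetical names and values.

```python
import struct

# Assumed layout (not stated in the thread): a 12-byte file header starting
# with b"RDP8bmp\x00", followed by tiles of
#   8-byte key | uint16 width | uint16 height | width*height*4 pixel bytes
FILE_MAGIC = b"RDP8bmp\x00"
FILE_HEADER_SIZE = 12
TILE_HEADER = struct.Struct("<QHH")
MAX_SIDE = 64  # assumed sanity bound on tile width and height


def parse_bin_cache(data):
    """Return (tiles, leftover_bytes) for one cache file held in memory."""
    if len(data) < FILE_HEADER_SIZE or not data.startswith(FILE_MAGIC):
        raise ValueError("not an RDP8bmp cache file")
    tiles = []
    pos = FILE_HEADER_SIZE
    while pos + TILE_HEADER.size <= len(data):
        key, width, height = TILE_HEADER.unpack_from(data, pos)
        if not (0 < width <= MAX_SIDE and 0 < height <= MAX_SIDE):
            break  # implausible header: stop instead of trusting the size
        body = pos + TILE_HEADER.size
        size = width * height * 4
        if body + size > len(data):
            break  # truncated tile, common when the file is carved
        tiles.append({"offset": pos, "key": key, "width": width,
                      "height": height, "pixels": data[body:body + size]})
        pos = body + size
    # Leftover bytes are reported so an examiner can see unparsed data.
    return tiles, len(data) - pos


def build_sample():
    """Constructed test input: two whole tiles and one truncated tile."""
    header = FILE_MAGIC + b"\x00" * 4  # trailing 4 bytes are filler
    tile1 = TILE_HEADER.pack(0x1111, 2, 2) + b"\xAA" * 16
    tile2 = TILE_HEADER.pack(0x2222, 1, 3) + b"\xBB" * 12
    cut = TILE_HEADER.pack(0x3333, 2, 2) + b"\xCC" * 5
    return header + tile1 + tile2 + cut


if __name__ == "__main__":
    found, leftover = parse_bin_cache(build_sample())
    for t in found:
        print(hex(t["key"]), t["width"], t["height"], "at offset", t["offset"])
    print("unparsed bytes:", leftover)
```

Each tile's `pixels` buffer still has to be converted to an image and the tiles arranged by the examiner; the parser only recovers them with their offsets for reporting.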

Thank you @patrickdalla! But I would like you to help me finish work already started. Could you help with the progress on #1341?

PS: Today I'm giving lectures all day.

lfcnassif avatar Oct 31 '22 12:10 lfcnassif