Loïc Jaquemet
haystack could use Frida to monitor specific memory changes (read || write) in a specific memory allocation. A sort of haystack-show/watch, but based on an actual event loop, not a...
https://github.com/nowsecure/frida-memory-stream
https://www.frida.re/docs/usage/ even more straightforward
Totally a priority
We do want to do that because there is no other way to ensure the heapwalker haystack modules will not be subverted by some weird buggy user code reimporting the...
Good idea. Should be quite simple. One of the issues is that some protected memory segments will not be accessible. A solution is code injection. I think that Frida-re could...
https://github.com/nowsecure/frida-memory-stream
http://www.tylerhalfpop.com/2015/03/dakotacon-slides.html
http://www.vldb2005.org/program/paper/wed/p301-augsten.pdf
https://github.com/TylerGoeringer/PyGram
https://networkx.github.io/documentation/latest/reference/algorithms.isomorphism.html
https://graph-tool.skewed.de/static/doc/topology.html#graph_tool.topology.isomorphism
http://en.wikipedia.org/wiki/Graph_isomorphism_problem
https://www.rsaconference.com/writable/presentations/file_upload/anf-t09_detecting-unknown-malware-security-analytics-_-memory-forensics.pdf