On Thu, Jul 12, 2012 at 1:11 PM, wrote:
> There's a number of attacks using the MTRR and IOMMU to cause the CPU to have
> a different view of memory. It is indeed possible for something to be sitting
> in memory but not be visible to *you* (while still being visible to something
> that
>
On Thu, 12 Jul 2012 18:47:53 +0200, phocean said:
> - Volatility: anything has to sit somehow in the memory, so there is no
> way for it to escape from the analysis.
There's a number of attacks using the MTRR and IOMMU to cause the CPU to have a
different view of memory. It is indeed possible fo
Me is give up too ;) Thanks anyway.
--- phocean
On 12 Jul 2012 at 19:07, Григорий Братислава wrote:
> On Thu, Jul 12, 2012 at 1:02 PM, phocean <0...@phocean.net> wrote:
>> Not sure if you are kidding.
>>
>> 1) WinDBG is a debugger, not really memory dump.
>> 2) Not sure to understand*
>> 3)
On Thu, Jul 12, 2012 at 1:02 PM, phocean <0...@phocean.net> wrote:
> Not sure if you are kidding.
>
> 1) WinDBG is a debugger, not really memory dump.
> 2) Not sure to understand*
> 3) It is your opinion.
> 4) Don't understand. Sounds like a joke, but even with that angle I don't
> get it.*
>
> * I
Not sure if you are kidding.
1) WinDBG is a debugger, not really memory dump.
2) Not sure to understand*
3) It is your opinion.
4) Don't understand. Sounds like a joke, but even with that angle I don't get
it.*
* If only you stopped with this weird English.
--- phocean
On 12 Jul 2012 at 18:5
On Thu, Jul 12, 2012 at 12:47 PM, phocean <0...@phocean.net> wrote:
> Yes, maybe WinDbg… Not that I am comfortable with WinDBG, but certainly a
> good chance to learn and get more familiar.
>
> However:
>
> - Volatility: anything has to sit somehow in the memory, so there is no way
> for it to esca
Yes, maybe WinDbg… Not that I am comfortable with WinDBG, but certainly a good
chance to learn and get more familiar.
However:
- Volatility: anything has to sit somehow in the memory, so there is no way for
it to escape from the analysis. It has all advantages of offline analysis. I
don't thin
On Thu, Jul 12, 2012 at 12:09 PM, phocean <0...@phocean.net> wrote:
> Could you elaborate please?
> What that I haven't done yet? If we agree there is nothing in the RAM dump,
> how can we explain the artefacts?
>
> Musntlive, I never trust any antivirus.
>
> --- phocean
0x00: MusntLive will alway
Could you elaborate please?
What that I haven't done yet? If we agree there is nothing in the RAM dump, how
can we explain the artefacts?
Musntlive, I never trust any antivirus.
--- phocean
On 12 Jul 2012 at 17:46, valdis.kletni...@vt.edu wrote:
> On Thu, 12 Jul 2012 11:00:36 -0400, Григо
On Thu, 12 Jul 2012 11:00:36 -0400, Григорий Братислава said:
> I just checked your machine for you. You are is safe. Stay thirsty my friend
+1
___
Full-Disclosure - We believe in it.
Char
On Thu, Jul 12, 2012 at 9:57 AM, phocean <0...@phocean.net> wrote:
> The only antivirus I have tried so far is Microsoft Security Essentials. And
> it finds nothing, which I certainly don't trust at all.
> Especially because it shows a very unusual certificate alert during the
> setup.
> I also sca
A better way of proceeding on this, assuming you can afford the time,
is to boot from one of the many live boot CDs (UBCD4Win, BartPe, various
Linux-based rescue disks) to scan the disk while the suspect OS is not
in memory. Those CD images either come with, or can be caused to
contain, various AV pack
The only antivirus I have tried so far is Microsoft Security Essentials. And it
finds nothing, which I certainly don't trust at all.
Especially because it shows a very unusual certificate alert during the setup.
I also scanned a few files that I chose (some dll and services) on VirusTotal
with no
-Original Message-
From: full-disclosure-boun...@lists.grok.org.uk
[mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of
full-disclosure-requ...@lists.grok.org.uk
Sent: Thursday, July 12, 2012 4:40 AM
To: full-disclosure@lists.grok.org.uk
Subject: Full-Disclosure Digest, Vol 8