PCILeech and MemProcFS - Ulf Frisk, Ian Vitek


  • PCILeech and MemProcFS - Ulf Frisk, Ian Vitek

    A direct memory access attack toolkit.

    Title:
    PCILeech and MemProcFS

    Presenter:
    Ulf Frisk, Ian Vitek

    Abstract:
    The PCILeech direct memory access attack toolkit was presented at DEF CON 24 and quickly became popular amongst red teamers and game hackers alike. We will demonstrate how to take control of still vulnerable systems with PCIe DMA code injection using affordable FPGA hardware and the open source PCILeech toolkit. MemProcFS is memory forensics and analysis made super easy! Analyze memory by clicking on files in a virtual file system or by using the API. Analyze memory dump files or live memory acquired using drivers or PCILeech PCIe FPGA hardware devices.


    Biography:
    Ulf is a pentester by day, and a security researcher by night. Ulf is the author of the PCILeech direct memory access attack toolkit and MemProcFS. Ulf is interested in things low-level and primarily focuses on memory analysis and DMA.

    Ian Vitek has a background as a pentester but now works with information security in the Swedish financial sector. Ian has held several presentations at DEF CON, BSidesLV and other IT security conferences.

  • #2
    I'm so very much looking forward to presenting awesome, super fast, super easy memory analysis with MemProcFS and DMA hacks with PCILeech at DEF CON demo labs this year!

    You're all so very welcome to stop by my PCILeech and MemProcFS DemoLab on Friday 8/12 14:00 – 15:55!

    Please let me know in advance if you have some special thing you really wish for me to demo! I'm so very much looking forward to seeing you all on Friday the 12th!

    Links to the tools:
    https://github.com/ufrisk/pcileech
    https://github.com/ufrisk/MemProcFS

    Demo videos and Past conference talk playlists:
    https://www.youtube.com/channel/UC2a...vKiC7s7Opzv9rg
    https://www.youtube.com/watch?v=BKrb...YEmLkbDF0OJ2MU

    Contact Information:
    Twitter: @UlfFrisk
    Discord: UlfFrisk#5780
    Discord #pcileech channel at Porchetta Industries server: https://discord.gg/sEkn3aa


    • #3
      Can you maybe tell some about what hardware to get for getting started?
      Maybe as both the cheap/easy setup and for the more pro/advanced setup, what to get that will have long-term support with the project?


      • #4
        Originally posted by Tooms2400:
        Can you maybe tell some about what hardware to get for getting started?
        Maybe as both the cheap/easy setup and for the more pro/advanced setup, what to get that will have long-term support with the project?
        Something that may help you is to call out the person in a reply. They may receive an email to let them know they have a mention or reply about their workshop.
        I'll try to help you: UlfFrisk : see reply to your comment.

        HTH


        • #5
          Originally posted by Tooms2400:
          Can you maybe tell some about what hardware to get for getting started?
          Maybe as both the cheap/easy setup and for the more pro/advanced setup, what to get that will have long-term support with the project?
          It's possible to use MemProcFS memory analysis without hardware: you may analyze memory dump files and also live memory utilizing drivers such as winpmem or dumpit, or targeting virtual machines.

          If you want to try writing to memory as well, VMware virtual machines (VMware Player/Workstation on a Windows host) and Hyper-V (via a separate plugin) are supported. This works with both PCILeech and MemProcFS. This way you can try out "DMA" attacks before purchasing hardware.

          As far as hardware goes, the pcileech-fpga project lists supported hardware at https://github.com/ufrisk/pcileech-fpga. Currently most is sold out due to the global chip situation, but the Xilinx dev boards and the Screamer PCIe Squirrel are available. The Screamer is probably the better, easier choice here.
