You are here: hvinternals.blogspot.com
secret.club (7.9 parsecs away)
[AI summary] This text discusses advanced hypervisor-based techniques for stealth kernel introspection and function hooking using Extended Page Tables (EPT). It describes two Rust-based implementations: Illusion (a UEFI-based hypervisor for early-boot introspection) and Matrix (a Windows kernel-driver-based hypervisor using dual-EPT context switching). The text covers EPT shadowing, inline VMCALL detours, MTF single-stepping, and trampoline logic to redirect execution without modifying guest memory. It also addresses hypervisor detection methods, trade-offs between shared and per-core EPT models, and the broader implications for security research and exploitation.
blog.quarkslab.com (2.7 parsecs away)
In this blog post we discuss how to debug Windows' Isolated User Mode (IUM) processes, also known as Trustlets, using the virtual TPM of Microsoft Hyper-V as our target.
prog.world (4.6 parsecs away)
[AI summary] This technical article details a research project from Summer Of Hack 2019 that used Intel Processor Trace hardware features to record and analyze code execution paths within System Management Mode (SMM) on x86 processors, overcoming OS protection barriers to identify potential security vulnerabilities.
blog.talosintelligence.com (22.6 parsecs away)
Talos also discovered a new PowerShell command-line argument embedded in the LNK file to bypass anti-virus products and download the final payload onto the victim's host.