Invtero.net

inVtero.net: Find/Extract processes, hypervisors (including nested) in memory dumps using microarchitecture independent Virtual Machine Introspection techniques


inVtero.net

inVtero.net expands process detection into microarchitecture independent hypervisor introspection. Its aim is to provide very high performance, high assurance interfaces for working with physical memory dumps: isolation and extraction of process memory, including recursive introspection of any VMs/hypervisors that may be running.
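As an added illustration of the page-table-based process detection and extraction this project performs (example code written for this page, not inVtero.net's own C# implementation): the scan below looks for x86-64 PML4 pages by their self-referencing entry, a common heuristic assumed here rather than taken from the page, then walks a found table to translate and read a process's virtual addresses, including a 2 MiB large-page mapping. The 64 KiB image, its table layout, the decoy pages and the self-map index 510 are all constructed.

```python
"""Locate x86-64 page-table roots in a raw physical image and read through them."""
import struct

PAGE = 4096
PTE_PRESENT = 1 << 0
PTE_WRITE = 1 << 1
PTE_USER = 1 << 2
PTE_PS = 1 << 7                    # large-page bit; never set in a PML4 entry
PFN_MASK = 0x000F_FFFF_FFFF_F000   # bits 12..51: physical frame address


def find_pml4_candidates(image: bytes):
    """Return [(page_offset, entry_index)] for pages that look like a PML4.

    Heuristic (assumed, not from the page): a present entry whose frame is the
    page itself, at least two present entries, no large-page bits, and every
    referenced frame inside the image.
    """
    hits = []
    for page_off in range(0, len(image) - PAGE + 1, PAGE):
        entries = struct.unpack_from("<512Q", image, page_off)
        present = [e for e in entries if e & PTE_PRESENT]
        if len(present) < 2:
            continue
        if any(e & PTE_PS or (e & PFN_MASK) >= len(image) for e in present):
            continue
        for idx, e in enumerate(entries):
            if e & PTE_PRESENT and (e & PFN_MASK) == page_off:
                hits.append((page_off, idx))
                break
    return hits


def translate(image: bytes, pml4_phys: int, vaddr: int):
    """4-level walk (no LA57). Returns the physical address or None if unmapped."""
    def entry(table_phys, idx):
        off = table_phys + idx * 8
        if off + 8 > len(image):
            return None
        return struct.unpack_from("<Q", image, off)[0]

    pml4e = entry(pml4_phys, (vaddr >> 39) & 0x1FF)
    if pml4e is None or not pml4e & PTE_PRESENT:
        return None
    pdpte = entry(pml4e & PFN_MASK, (vaddr >> 30) & 0x1FF)
    if pdpte is None or not pdpte & PTE_PRESENT:
        return None
    if pdpte & PTE_PS:                                   # 1 GiB page
        return (pdpte & 0x000F_FFFF_C000_0000) | (vaddr & 0x3FFF_FFFF)
    pde = entry(pdpte & PFN_MASK, (vaddr >> 21) & 0x1FF)
    if pde is None or not pde & PTE_PRESENT:
        return None
    if pde & PTE_PS:                                     # 2 MiB page
        return (pde & 0x000F_FFFF_FFE0_0000) | (vaddr & 0x1F_FFFF)
    pte = entry(pde & PFN_MASK, (vaddr >> 12) & 0x1FF)
    if pte is None or not pte & PTE_PRESENT:
        return None
    return (pte & PFN_MASK) | (vaddr & 0xFFF)


def read_virtual(image: bytes, pml4_phys: int, vaddr: int, size: int):
    """Copy `size` bytes of a process's virtual range; None if any page is unmapped."""
    out = bytearray()
    while size > 0:
        phys = translate(image, pml4_phys, vaddr)
        if phys is None or phys >= len(image):
            return None
        chunk = min(size, PAGE - (vaddr & 0xFFF), len(image) - phys)
        out += image[phys:phys + chunk]
        vaddr += chunk
        size -= chunk
    return bytes(out)


def build_sample_image() -> bytes:
    """Constructed 16-page 'RAM' image with one real PML4 and two decoys."""
    img = bytearray(16 * PAGE)
    flags = PTE_PRESENT | PTE_WRITE

    def put(page, idx, value):
        struct.pack_into("<Q", img, page * PAGE + idx * 8, value)

    put(3, 510, 3 * PAGE | flags)             # PML4 at page 3: self-referencing entry
    put(3, 0, 4 * PAGE | flags | PTE_USER)    # PML4[0] -> PDPT at page 4
    put(4, 0, 5 * PAGE | flags | PTE_USER)    # PDPT[0] -> PD at page 5
    put(5, 2, 6 * PAGE | flags | PTE_USER)    # PD[2]   -> PT at page 6 (VA 0x400000..)
    put(5, 3, 0 | flags | PTE_PS)             # PD[3]   -> 2 MiB large page at phys 0
    put(6, 0, 7 * PAGE | flags | PTE_USER)    # PT[0]   -> data page 7 (VA 0x400000)
    img[7 * PAGE:7 * PAGE + 4] = b"MZ\x90\x00"
    img[2 * PAGE:2 * PAGE + 4] = b"DATA"      # reached through the large page at VA 0x602000
    put(9, 5, 9 * PAGE)                       # decoy: self-pointing but not present
    put(10, 0, 10 * PAGE | flags)             # decoy: self-pointing, only one present entry
    return bytes(img)


if __name__ == "__main__":
    img = build_sample_image()
    for off, idx in find_pml4_candidates(img):
        print(f"PML4 candidate at {off:#x} (self-map index {idx})")
        print(read_virtual(img, off, 0x400000, 4), read_virtual(img, off, 0x602000, 4))
```

A real image needs more filtering than this (for one OS instance the kernel half of every PML4 maps the same frames, which is a strong cross-check), and a nested hypervisor adds a second level of translation that this walk does not model.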

quickdumps

Quickdumps is a demo of the inVtero.net API: a small tool that rapidly extracts everything it can see into a sensible directory hierarchy.

References

See the CanSecWest presentation on page table detection or DC22. I added a lot of the VM introspection stuff lately for Ruxcon.

Upcoming

Cryptographically secure integrity verification of known memory pages to greatly reduce the proportion of possibly malicious resident code.
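The page-hashing idea behind this upcoming feature, as an added example that is not part of inVtero.net (the trusted image, the dump and the module name `sample.dll` are constructed): hash every 4 KiB page of a trusted image, then classify each page of a dump as matching, zero, or unknown so that only the unknown pages need an analyst's attention.

```python
"""Page-level integrity allowlist: which resident pages still need to be looked at?"""
import hashlib

PAGE = 4096


def page_digest(page: bytes) -> str:
    return hashlib.sha256(page).hexdigest()


def build_known_good_set(trusted_images: dict) -> dict:
    """Map SHA-256 of every 4 KiB page of each trusted image to (name, page index)."""
    known = {}
    for name, data in trusted_images.items():
        for off in range(0, len(data), PAGE):
            page = data[off:off + PAGE].ljust(PAGE, b"\0")   # pad a short tail page
            known.setdefault(page_digest(page), (name, off // PAGE))
    return known


def triage_dump(dump: bytes, known: dict) -> dict:
    """Classify each page offset of the dump as matched, zero, or unknown."""
    result = {"matched": [], "zero": [], "unknown": []}
    zero_digest = page_digest(b"\0" * PAGE)
    for off in range(0, len(dump), PAGE):
        d = page_digest(dump[off:off + PAGE].ljust(PAGE, b"\0"))
        if d == zero_digest:
            result["zero"].append(off)
        elif d in known:
            result["matched"].append((off, known[d]))
        else:
            result["unknown"].append(off)
    return result


def review_ratio(result: dict) -> float:
    """Fraction of non-zero pages that remain unverified (the analyst's workload)."""
    nonzero = len(result["matched"]) + len(result["unknown"])
    return len(result["unknown"]) / nonzero if nonzero else 0.0


def build_samples():
    """Constructed trusted image (3 deterministic pages) and a 6-page dump."""
    module = b"".join(bytes((i * 7 + j) & 0xFF for j in range(PAGE)) for i in range(3))

    def mpage(i):
        return module[i * PAGE:(i + 1) * PAGE]

    tampered = bytearray(mpage(1))
    tampered[0x100] ^= 0xFF                 # one patched byte: must not match
    dump = b"".join([
        mpage(0),                           # 0x0000 known page
        b"\0" * PAGE,                       # 0x1000 zero page
        mpage(2),                           # 0x2000 known page
        bytes(tampered),                    # 0x3000 modified copy of a known page
        b"\xcc" * PAGE,                     # 0x4000 never seen before
        mpage(2),                           # 0x5000 known page mapped a second time
    ])
    return {"sample.dll": module}, dump


if __name__ == "__main__":
    images, dump = build_samples()
    res = triage_dump(dump, build_known_good_set(images))
    print("unknown pages:", [hex(o) for o in res["unknown"]],
          f"review ratio {review_ratio(res):.2f}")
```

Pages of a loaded image differ from their on-disk form wherever the loader applied relocations or resolved imports, so a production allowlist has to normalise those fields before hashing; that step is left out here.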

Authors and Contributors

You can try to contact @ShaneK2 or feel free to make a bug/feature request.

Support or Contact

Eventually some documentation will be set up.