Expanding on process detection into microarchitecture-independent hypervisor introspection. The aim of inVtero.net is to provide very high performance, high assurance interfaces for working with physical memory dumps: isolation and extraction of process memory, including recursive introspection of any VMs/hypervisors that may be running.
Quickdumps is a demo of the inVtero.net API: a small tool that rapidly extracts everything it can see into a sensible directory hierarchy.
See the CanSecWest presentation on page table detection or DC22. I added a lot of the VM introspection stuff lately for Ruxcon.
Cryptographically secure integrity verification of known memory pages greatly reduces the proportion of resident code that must be treated as possibly malicious.
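As an added illustration of that idea (example code, not inVtero.net's own implementation, whose exact scheme the page does not describe): every 4 KiB page of a raw dump is hashed with SHA-256 and checked against an allowlist built from trusted binaries, so only pages that are neither known-good nor empty remain to be analyzed. The dump, the "trusted" pages and the tampered page are constructed inline.

```python
import hashlib

PAGE_SIZE = 4096  # x86-64 base page size


def page_hashes(dump: bytes, page_size: int = PAGE_SIZE):
    """Yield (page_index, sha256 hex) for every full page of a raw dump."""
    for idx in range(len(dump) // page_size):
        page = dump[idx * page_size:(idx + 1) * page_size]
        yield idx, hashlib.sha256(page).hexdigest()


def build_allowlist(known_pages) -> set:
    """Hash set of pages taken from trusted binaries (the 'known good' set)."""
    return {hashlib.sha256(p).hexdigest() for p in known_pages}


def triage(dump: bytes, allowlist: set, page_size: int = PAGE_SIZE) -> dict:
    """Classify each page as 'known' (hash in allowlist), 'zero' (unused)
    or 'unknown' (modified, relocated or never seen: needs analysis)."""
    zero_hash = hashlib.sha256(bytes(page_size)).hexdigest()
    result = {"known": [], "zero": [], "unknown": []}
    for idx, h in page_hashes(dump, page_size):
        if h == zero_hash:
            result["zero"].append(idx)
        elif h in allowlist:
            result["known"].append(idx)
        else:
            result["unknown"].append(idx)
    return result


def unknown_fraction(result: dict) -> float:
    """Share of non-zero resident pages still needing review."""
    nonzero = len(result["known"]) + len(result["unknown"])
    return len(result["unknown"]) / nonzero if nonzero else 0.0


def fill(tag: bytes) -> bytes:
    """Constructed page content: a tag repeated to exactly one page."""
    return (tag * (PAGE_SIZE // len(tag) + 1))[:PAGE_SIZE]


# Constructed sample: two trusted pages, a zero page, a copy of a trusted page
# with one byte patched (simulated in-memory tampering) and an unrelated page.
TRUSTED_PAGES = [fill(b"ntoskrnl-text-"), fill(b"ntoskrnl-rdata-")]
TAMPERED = bytearray(TRUSTED_PAGES[0])
TAMPERED[0x100] ^= 0xCC
SAMPLE_DUMP = (TRUSTED_PAGES[0] + bytes(PAGE_SIZE) + TRUSTED_PAGES[1]
               + bytes(TAMPERED) + fill(b"injected-code-"))
ALLOWLIST = build_allowlist(TRUSTED_PAGES)

if __name__ == "__main__":
    verdict = triage(SAMPLE_DUMP, ALLOWLIST)
    print(verdict, f"{unknown_fraction(verdict):.0%} of resident pages left to analyze")
```

Pages that the loader relocated or patched at runtime (import tables, hooks) will not match a static allowlist either, so the unknown set is an upper bound on what needs analysis rather than a list of confirmed malicious pages.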
Authors and Contributors
You can try to contact @ShaneK2 or feel free to make a bug/feature request.
Support or Contact
Eventually some documentation will be set up.