
Memory Forensics for Pentesters: Firefox

This is part one in a series of presentations I will be giving at the NoVAHackers meetings on forensics of all kinds as it can be leveraged in a penetration test.


  1. Memory Forensics for Penetration Testers
  2. Memory Sizes • 1 GB (Netbook standard) • 2 GB (Old standard) • 4 GB (Laptop standard now) • Forensics don’t care, they deal with HDDs • Sneaky Sneaky!
  3. Memory Sizes • 1 GB (Netbook standard) • 2 GB (Old standard) • 4 GB (Laptop standard now) • Forensics don’t care, they deal with HDDs • Sneaky Sneaky!
  4. 32 bit vs 64 bit • Annoying
  5. Per-process Memory Dumping • PMD • (P)rocess (M)emory (D)umper SURPRISE! • EvilFingers (https://www.evilfingers.com/) • Since v1.2 it’s gone gooey. • Still awesome but useless at a prompt.
  6. PWD
  7. PMDump • http://ntsecurity.nu/toolbox/pmdump/
  8. Firefox • You know..
  9. Firefox • You know..
  10. Firepassword • http://securityxploded.com/firepassword.php • or you could do it the easy way: • http://carnal0wnage.blogspot.com/2010/06/firefox-saved-passwords.html
  11. Master Password :-(
  12. FireMaster • http://securityxploded.com/firemaster.php
  13. dump firefox memory definitely smaller but be careful
  14. strings FTW! strings firefox.mem | sed '/^.\{30\}/d' | sort -u | sed "s/\$/$(printf '\r')/" > firefoxdictionary.txt
  15. win!
  16. Questions?
