Showing posts with label virtual memory.

Friday, September 25, 2015

Volatility Command : Using kdbgscan/kpcrscan to scan for potential KDBG/KPCR structures

This post shares an example of running two Volatility terminal commands, kdbgscan and kpcrscan, against a memory dump.

Before proceeding, I assume that you have installed Volatility on your Linux system (in my case Ubuntu; installation is explained in my earlier post at http://anupriti.blogspot.in/2015/09/volatility-advanced-memory-forensics.html) and that you have a RAM dump of the OS you want to analyse. Here I use the RAM dump of a Windows 7 OS, acquired as explained at http://anupriti.blogspot.in/2015/09/volatility-command-using-imageinfo-to.html

A basic introduction to the two commands :

kdbgscan

This command scans for potential KDBG structures and is meant to positively identify the correct profile for the system and the correct KDBG (kernel debugger block) address. It does this by scanning for the KDBG header signatures linked to the profiles in Volatility, so it can be run without --profile; giving one, as below, just confirms the profile that imageinfo suggested. More than one candidate may be reported (the same signature is shared by several service-pack profiles): the right one is the candidate whose PsActiveProcessHead and PsLoadedModuleList pointers yield non-zero process and module counts in the output, and that is the KDBG address and profile to pass to later plugins.

Usage : 

python vol.py --profile=Win7SP0x86 -f filename.raw kdbgscan

Screen shot executing the above command shown below :
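To make the "signature scan" concrete, here is a minimal KDBG scanner written for this post; it is an added example, not Volatility's own plugin code. It relies on the layout of _DBGKD_DEBUG_DATA_HEADER64 / _KDDEBUGGER_DATA64 from wdbgexts.h (the 'KDBG' OwnerTag at offset 16, the Size field right after it, KernBase at 0x18, PsLoadedModuleList at 0x48, PsActiveProcessHead at 0x50). The Size-to-OS mapping is an assumption taken from memory of the KDBGHeader signatures in Volatility's profiles, so check it against your own profile files. The image it scans is a constructed 32 KiB buffer containing one fake Win7 x86 KDBG and one decoy 'KDBG' string that the size check must reject.

```python
"""Minimal KDBG signature scanner over a raw memory image (added example)."""
import re
import struct

# _DBGKD_DEBUG_DATA_HEADER64 (wdbgexts.h): LIST_ENTRY64 List (two 8-byte
# pointers), ULONG OwnerTag == b"KDBG", ULONG Size.  Little-endian, 24 bytes.
HEADER_FMT = "<QQ4sI"
HEADER_LEN = struct.calcsize(HEADER_FMT)
TAG_OFFSET = 16            # OwnerTag follows the two list pointers

# Offsets inside _KDDEBUGGER_DATA64 of the fields an analyst looks at first.
KERNBASE_OFF = 0x18
PS_LOADED_MODULE_LIST_OFF = 0x48
PS_ACTIVE_PROCESS_HEAD_OFF = 0x50
MIN_KDBG_LEN = PS_ACTIVE_PROCESS_HEAD_OFF + 8

# KDBG Size -> OS family.  ASSUMPTION: recalled from the KDBGHeader signatures
# carried by Volatility's profiles; verify against the profiles you use.
KNOWN_SIZES = {
    0x290: "WinXP",
    0x318: "Win2003",
    0x328: "Vista/2008",
    0x340: "Win7/2008R2",
    0x360: "Win8/2012",
}


def scan_kdbg(image):
    """Return a list of plausible KDBG candidates found in a physical image.

    A candidate must carry the 'KDBG' tag, a Size that matches a known OS
    family, and a KernBase that is a kernel-space address (on x86 the 32-bit
    address is stored zero-extended in the 64-bit field, so >= 0x80000000
    works for both architectures).
    """
    hits = []
    for m in re.finditer(b"KDBG", image):
        start = m.start() - TAG_OFFSET
        if start < 0 or start + MIN_KDBG_LEN > len(image):
            continue
        _flink, _blink, tag, size = struct.unpack_from(HEADER_FMT, image, start)
        if size not in KNOWN_SIZES:
            continue        # 'KDBG' bytes in ordinary data, not a header
        kernbase = struct.unpack_from("<Q", image, start + KERNBASE_OFF)[0]
        if kernbase < 0x80000000:
            continue
        modules = struct.unpack_from("<Q", image, start + PS_LOADED_MODULE_LIST_OFF)[0]
        procs = struct.unpack_from("<Q", image, start + PS_ACTIVE_PROCESS_HEAD_OFF)[0]
        hits.append({
            "offset": start,                 # physical offset of the KDBG
            "size": size,
            "profile": KNOWN_SIZES[size],
            "kernbase": kernbase,
            "ps_loaded_module_list": modules,
            "ps_active_process_head": procs,
        })
    return hits


def build_sample_dump():
    """Constructed 32 KiB image: zero filler, a decoy tag, one Win7 x86 KDBG."""
    img = bytearray(0x8000)
    # Decoy: the string 'KDBG' followed by an implausible Size.
    img[0x1000:0x1004] = b"KDBG"
    struct.pack_into("<I", img, 0x1004, 0x1234)
    # Real-looking KDBG for a Win7 x86 kernel (addresses are constructed).
    base = 0x2000
    struct.pack_into(HEADER_FMT, img, base, 0, 0, b"KDBG", 0x340)
    struct.pack_into("<Q", img, base + KERNBASE_OFF, 0x82806000)
    struct.pack_into("<Q", img, base + PS_LOADED_MODULE_LIST_OFF, 0x82950850)
    struct.pack_into("<Q", img, base + PS_ACTIVE_PROCESS_HEAD_OFF, 0x82948F18)
    return bytes(img)


if __name__ == "__main__":
    for h in scan_kdbg(build_sample_dump()):
        print("KDBG at 0x%x  %s  KernBase=0x%x  PsActiveProcessHead=0x%x"
              % (h["offset"], h["profile"], h["kernbase"], h["ps_active_process_head"]))
```

What this does not do is the second half of Volatility's check: the real plugin translates PsActiveProcessHead through the page tables and walks the list to report how many processes and modules it finds, which is what lets you pick between candidates that share a signature. A raw physical scan like this only gives you the candidates to feed that check.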
kpcrscan

This command scans for potential KPCR (Kernel Processor Control Region) structures. A KPCR is a data structure the kernel uses to store processor-specific data, and it contains pointers back to itself (SelfPcr and Prcb on x86, Self and CurrentPrcb on x64), which is what the scanner keys on. It needs the profile's structure layout to know where those pointers sit, so give it the profile that kdbgscan confirmed. On a multi-core system each processor has its own KPCR, so ideally you should see at least as many KPCR addresses as there are processors on the machine from which the dump was acquired; fewer than that suggests an incomplete acquisition or the wrong profile. Usage as follows :

python vol.py --profile=Win7SP0x86 -f win_image.raw kpcrscan

Screen shot with output as below :
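The self-reference check described above, as an added example written for this post (it is not Volatility's kpcrscan code): at every candidate offset it reads the two pointers and accepts the offset only if the self pointer is a kernel-space address and the Prcb pointer equals self + the offset of the embedded PrcbData. The field offsets (x86: SelfPcr 0x1C, Prcb 0x20, PrcbData 0x120; x64: Self 0x18, CurrentPrcb 0x20, PrcbData 0x180) are the NT 6.x layouts as I remember them and should be treated as assumptions to check against your profile's vtypes. The dump it scans is a constructed 64 KiB buffer for a two-processor x86 box plus one decoy.

```python
"""Minimal KPCR self-reference scanner over a raw memory image (added example)."""
import struct

# ASSUMED _KPCR layouts (NT 6.x): offsets of the two self-referencing pointers,
# the distance from the KPCR to its embedded PrcbData, and the lowest address
# that counts as kernel space on that architecture.
LAYOUTS = {
    "x86": dict(self_off=0x1C, prcb_off=0x20, ptr="<I",
                prcb_delta=0x120, min_kernel=0x80000000),
    "x64": dict(self_off=0x18, prcb_off=0x20, ptr="<Q",
                prcb_delta=0x180, min_kernel=0xFFFF800000000000),
}


def scan_kpcr(image, arch="x86", step=4):
    """Return [(physical_offset, kpcr_virtual_address), ...] for each candidate.

    `step` is the scan granularity; 4 is exhaustive but slow in pure Python on
    a multi-GB image, so raise it (e.g. to 0x1000) for a quick first pass.
    """
    lay = LAYOUTS[arch]
    psize = struct.calcsize(lay["ptr"])
    last = len(image) - (lay["prcb_off"] + psize)
    found = []
    for off in range(0, last + 1, step):
        self_ptr = struct.unpack_from(lay["ptr"], image, off + lay["self_off"])[0]
        if self_ptr < lay["min_kernel"]:
            continue                       # not a kernel address: cannot be a KPCR
        prcb_ptr = struct.unpack_from(lay["ptr"], image, off + lay["prcb_off"])[0]
        if prcb_ptr == self_ptr + lay["prcb_delta"]:
            found.append((off, self_ptr))
    return found


def build_sample_kpcr_dump():
    """Constructed 64 KiB x86 image with two KPCRs and one user-space decoy."""
    img = bytearray(0x10000)

    def put_kpcr(phys, vaddr):
        struct.pack_into("<I", img, phys + 0x1C, vaddr)          # SelfPcr
        struct.pack_into("<I", img, phys + 0x20, vaddr + 0x120)  # Prcb

    put_kpcr(0x3000, 0xFFDFF000)   # boot processor's KPCR address on x86
    put_kpcr(0x7000, 0x8A400000)   # second processor (constructed address)
    put_kpcr(0x5000, 0x12340000)   # decoy: consistent pointers, user-space address
    return bytes(img)


def enough_kpcrs(image, cpu_count, arch="x86"):
    """The sanity check from the post: at least one KPCR per processor."""
    return len(scan_kpcr(image, arch)) >= cpu_count


if __name__ == "__main__":
    dump = build_sample_kpcr_dump()
    for phys, vaddr in scan_kpcr(dump):
        print("KPCR at physical 0x%x, virtual 0x%x" % (phys, vaddr))
    print("two-core sanity check:", enough_kpcrs(dump, 2))
```

Because the KPCR stores virtual addresses, the scan never needs page-table translation: the pointer pair is self-consistent wherever the structure sits in physical memory, which is why this works on a raw dump before any profile-driven address space is set up.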



Sunday, November 23, 2014

Setting up Metasploit on a BackTrack5 R3 VM with SSH connectivity via PuTTY

1.    Setting this up is simple once you know how to do it. Here is a step-by-step guide to using PuTTY to reach a BackTrack 5 R3 machine installed in VirtualBox from an Ubuntu host OS.

2.    The first thing is to configure an additional network card on the BT5 R3 machine. Select the virtual machine, click Settings, then go to Network. Adapter 1 will already be a NAT adapter, which gives the guest internet access through the host. Under Adapter 2 select Host-only Adapter: this gives the guest a second interface on a private network that only the host can reach, so the SSH service you are about to enable is not exposed to anything outside the host.

Adapter 1: default configuration
Adapter 2: to be configured
Before you can SSH in, you need to ensure that the SSH service is running in BackTrack, which by default it is not: BackTrack ships without SSH host keys, so you first generate them (sshd-generate) and then start the service (service ssh start). Run the terminal commands as seen below in the screenshots.


ifconfig as seen at the terminal of the BackTrack R3 machine (take the IP of the host-only interface)
PuTTY to the IP of the BackTrack machine
PuTTY successfully asks for login, as seen below:

Login with BackTrack credentials (the default root password is well known, so change it before enabling SSH):
Above we get msfconsole, ready to accept commands.

Monday, July 19, 2010

Increasing Laptop Battery Life : A Few Ways

1. Hibernate: Hibernating the laptop is a better option than standby when you will be away for a while. Hibernate writes the system state to disk and then powers off completely, so it draws no battery power while hibernated, yet on resume it restores your open applications instead of making you reboot and relaunch everything. Standby keeps the RAM powered and so keeps draining the battery.

2. Get some extra RAM: When a laptop runs short of RAM it starts paging to virtual memory on the hard disk, and spinning and seeking the disk costs far more power than keeping the data in RAM. Extra RAM draws some power of its own, so do not overdo it, but compared with constant paging it is the more efficient option.

3. Apply energy saving options on the OS

4. Bring down the brightness of the screen

5. Shut down external devices: Most USB devices and other external devices, such as external hard drives, USB lights or even USB mice, should be switched off and unplugged when not in use.

6. Shutdown background apps

7. Mind the charge cycle: Lithium-ion batteries have no memory effect, so the old advice to run them flat before recharging does not help them; deep discharges actually wear Li-ion cells faster. What does shorten their life is sitting at full charge and running hot, so if the laptop lives on the mains, let it discharge partway now and then and keep it cool. An occasional full discharge followed by a full charge (about once a month) is still worthwhile, but for a different reason: it recalibrates the battery gauge so the percentage shown is accurate.

8. Switch-off unused wireless radios

9. Try to reduce multitasking: When using the laptop on battery power, try as much as possible to use one application at a time, and ideally close one application completely before opening another, to reduce both processor load and battery consumption.

10. Defrag at regular intervals (this applies to spinning hard disks only; an SSD gains nothing from it and wears slightly with every rewrite)