I didn't wanna pollute the tools section, so I'll ask here.
I vaguely remember seeing the demo recently (it was a video) where some guys presented a tool framework that hooked API calls (only ring 3 API calls?) in a virtual machine (I can't remember if it was VMware or VirtualBox, maybe it was even built on top of QEMU, really, my mind is very unsure...) remotely,
like, I don't know if it was a supervisor thing or some kind of VM built-in debug functionality, but they could, without installing tools in the VM, see what ring 3 software was doing.
And they released the stuff, but only part of it. And it was recent too, I think...
I was googling around and just couldn't find it.
Has anyone heard of something like that?
It was maybe a recent infosec conference or something like that. Maybe it was on r/reverseengineering or r/netsec...
If you remember, please tell me :>