points by westurner 3 years ago

TEE Trusted Execution Environment > Hardware support, TEE Operating Systems: https://en.wikipedia.org/wiki/Trusted_execution_environment#...

List of [SGX,] vulnerabilities: https://en.wikipedia.org/wiki/Software_Guard_Extensions#List...

Protection Ring: https://en.wikipedia.org/wiki/Protection_ring ... Memory Segmentation: https://en.wikipedia.org/wiki/Memory_segmentation

.data segment: https://en.wikipedia.org/wiki/Data_segment

.code segment: https://en.wikipedia.org/wiki/Code_segment

NX bit: https://en.wikipedia.org/wiki/No-execute_bit

Arbitrary code execution: https://en.wikipedia.org/wiki/Arbitrary_code_execution :

> This type of attack exploits the fact that most computers (which use a Von Neumann architecture) do not make a general distinction between code and data,[6][7] so that malicious code can be camouflaged as harmless input data. Many newer CPUs have mechanisms to make this harder, such as a no-execute bit. [8][9]

> - Memory debugger; valgrind, https://en.wikipedia.org/wiki/Memory_debugger

"The GDB developer's GNU Debugger tutorial, Part 1: Getting started with the debugger" (2021) https://developers.redhat.com/blog/2021/04/30/the-gdb-develo...

"Debugging Python C extensions with GDB" (2021) https://developers.redhat.com/articles/2021/09/08/debugging-... & "Python Devguide" > "GDB support" https://devguide.python.org/advanced-tools/gdb/ :

  run, where, frame, p(rint),
  py-list, py-up/py-down, py-bt, py-locals, py-print

/? site:github.com inurl:awesome inurl:gdb https://www.google.com/search?q=site%3Agithub.com+inurl%3Aaw...

/? vscode debugger: https://www.google.com/search?q=vscode+debugger

/? juyterlab debugger: https://www.google.com/search?q=jupyterlab+debugger

Ghidra: https://en.wikipedia.org/wiki/Ghidra

> Ghidra can be used as a debugger since Ghidra 10.0. Ghidra's debugger supports debugging user-mode Windows programs via WinDbg, and Linux programs via GDB. [11]

Ghidra 10.0 (2021) Release Notes: https://ghidra-sre.org/releaseNotes_10.0beta.html

"A first look at Ghidra's Debugger - Game Boy Advance Edition" (2022) https://wrongbaud.github.io/posts/ghidra-debugger/ :

> - Debugging a program with Ghidra using the GDB stub

> - Use the debugging capability to help us learn about how passwords are processed for a GBA game

/? site:github.com inurl:awesome ollydbg ghidra memory https://www.google.com/search?q=site%3Agithub.com+inurl%3Aaw...

Memory forensics: https://en.wikipedia.org/wiki/Memory_forensics

awesome-malware-analysis > memory-forensics: https://github.com/rshipp/awesome-malware-analysis/blob/main...

github.com/topics/memory-forensics: https://github.com/topics/memory-forensics :

- microsoft/avml: https://github.com/microsoft/avml :

    /dev/crash
    /proc/kcore
    /dev/mem

> NOTE: If the kernel feature `kernel_lockdown` is enabled, AVML will not be able to acquire memory.