PCILeech and MemProcFS

Presented at DEF CON 30 (2022), Aug. 12, 2022, 2 p.m. (115 minutes).

The PCILeech direct memory access attack toolkit was presented at DEF CON 24 and quickly became popular amongst red teamers and game hackers alike. We will demonstrate how to take control of still vulnerable systems with PCIe DMA code injection using affordable FPGA hardware and the open source PCILeech toolkit. MemProcFS is memory forensics and analysis made super easy! Analyze memory by clicking on files in a virtual file system or by using the API. Analyze memory dump files or live memory acquired using drivers or PCILeech PCIe FPGA hardware devices.

Audience: Offense, Defense, Forensics, Hardware

Presenters:

• Ulf Frisk
  Ulf is a pentester by day, and a security researcher by night. Ulf is the author of the PCILeech direct memory access attack toolkit and MemProcFS. Ulf is interested in things low-level and primarily focuses on memory analysis and DMA.
• Ian Vitek
  Ian Vitek has a background as a pentester but now works with information security in the Swedish financial sector. Ian has held several presentations at DEF CON, BSidesLV and other IT security conferences.

Similar Presentations:

• DEF CON 22 (2014) / NSA Playset: PCIe
• ShmooCon X (2014) / ADD -- Complicating Memory Forensics Through Memory Disarray
• Disobey 2020 / Live Memory Attacks and Forensics