Releases: ShaneK2/inVtero.net
inVteroCore.0.1
Release build in the 7z. This version works and is a start. Focus is on the powershell cmdlets and so forth.
Since we have OSX/Linux/*Bsd with CoreCLR it was a shame to not port a symbol server into Azure to allow us to run on those platforms w/o a legacy dependency on DIA2SDK. The PDB2JSON server will also be providing some additional services in the future, stay tuned. Also there is currently a hosted bitmap that is loaded with hashes from the Microsoft demo VM's available here: https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/ If you want to use inVtero w/o setting up a white list you can use that VM image and connect to the cloud services.
- https://pdb2json.azurewebsites.net
- https://github.com/ShaneK2/inVtero.net/wiki/Linux-support see wiki on dt.sh
- https://github.com/dotnet/coreclr
- https://github.com/PowerShell/PowerShell
CORECLR2 is a depedency of inVtero and PS so that's all good.
inVtero.ps1 is a set of functions that demonstrate the new cmdlet's. (their pretty basic but evolving)
ktwo@inVtero:~$ powershell
PowerShell v6.0.0-beta.5-76-g1b23a62ae177f189057fc034ba5a11adbf2cdaea
Copyright (C) Microsoft Corporation. All rights reserved.
Linux inVtero 4.10.0-32-generic #36~16.04.1-Ubuntu SMP Wed Aug 9 09:19:02 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
DEFCON25 Release
Enhancements to the RoP detection & symbol handling to make it easier to understand what you're looking at.
https://github.com/ShaneK2/inVtero.net/blob/master/quickdumps/publish.zip
Very close to the #BHUSA version
Very close to the version will be presenting at Black Hat Arsenal USA 2017
publish.zip
Bitmap accelerated
Bitmap acceleration tested out, working well for Win10 / integrity checks kernel 15063, back ported to Win7. Validates 8GB of memory in about 30seconds on my laptop. :)
100% integrity validation for Win10, 99.9% for Win7
New hash DB functionality for integrity validation of physical memory rate is good for Win10, working on some additional fixes to keep it 100% for downlevel OS.
Hashing examples & big perf improvements
Dump 8GB in 10 seconds to disk... or hash out to a hash file for a white-list comparison.
Hash.py is the main place to review the tests for these updates.
Windows 10 Creators x64 Build 15063 compatiability
Added new PT bits for supporting Win10 15063
REPL CLI
Reworked the awkward CLI into a PowerArgs based one. Going to see about providing the memory as a LINQ query source in a minor update.
After that will be hosting IronPython (IPY) and possibly C# (CSI/Script#) Interactive and also Cling (native C REPL), maybe all of the above, since it'd be sort of nice to have a Swiss forensics memory army knife. I'll have it finished right after the 25 hour day!