Introducing the LeechAgent
The LeechAgent is a 100% free, open-source endpoint solution geared towards remote physical memory acquisition and analysis on Windows endpoints in Active Directory environments. The LeechAgent provides an easy, yet high-performance and secure, way of accessing and querying the physical memory (RAM) of a remote system.

Mount the remote memory with MemProcFS as an easy point-and-click file system - perfect for quick and easy triage. Dump the memory over the network with PCILeech. Query the physical memory using the MemProcFS Python API by submitting analysis scripts to the remote host! Do all of the above simultaneously.

Physical memory analysis has many advantages - a main one being the ability to analyze the state of a system independently of the potentially compromised system APIs. The video below shows how easy it is to install the LeechAgent service on a remote computer and then use it to mount MemProcFS, dump physical memory and submit Pyth...