As the world is shaking because North Korea is intimidating American public companies with “the most sophisticated” cyber-attacks ever seen, I figured it would be a good timing to support intelligence agencies by open-sourcing my Windows Debugging Extension designed for Digital Forensics and Incident Response.
But also, I’m unfortunately lacking of time to support that extension – but I am sure open-sourcing it may results in interesting development from the community. I apologize in advance, I wrote that extension in 1-2 months so don’t expect it to be perfectly designed or written :-)
Happy Holidays !
Here is a short-list of missing features for international mobile users. Feel free to contact me on @msuiche or over e-mail if there is any feature you think is missing but more necessary than changing the colors of your icons at every release.
1. Smart address book
There is no reason your contact book would not allow you to automatically sort your contacts out per country using the Prefix Country Code, nor per city or region using the prefix following the country code.
Moreover, a map-based browsing would be more intuitive for its users – as per example the illustrative screenshot below.
And also timestamps your contacts to provide better triage mechanism based on time / day / month / year.
2. Smart international keyboard
There is no reason Messaging application could not remember what keyboard layout I use for different contacts. If you message different people using multiple languages, your app should at least remember your preferred keyboard layout per contact.
3. The end of the single number identity
There is no reason applications would tie your identity to a single number. Applications such as messaging applications (WhatsApp, etc.), food delivery applications, or even car booking applications (Uber etc.) only allow their users to have one single number. Users should have the ability to have multiple verified numbers, people who travel usually have one number per country.
– UPDATE: doc file
– UPDATE: Added DbgkpLkmdDataCollectionCallbacks support in !ms_callbacks (more info)
– ADD: !ms_exqueue (more info)
– ADD: !ms_store (more info)
– BUGFIX: !ms_idt
Current version is: v0.6.20140819 (19 August 2014)
Pentagon Five-Year (until 2018) Cybersecurity Plan Seeks $23 Billion (cf. 2015 Fiscal Year Budget request)
That is around 1.6x times ($4.6 Bn/Year) the annual budget of DARPA ($2.8 Bn/Year)
France Five-Year (until 2019) Cybersecurity plan is EUR 1 Billion
This is around 1.33x times (EUR 200M/Year) the budget allocated to the call for projects in cyber-security from last year. The budget allocated was supposed to be EUR 150M but no updates had been communicated by officials since the initial press release, and any attempts to obtain more information had been dismissed or ignored.
U.S. cyber security budget is 17+ times more the French budget.
And in addition of that the U.S. is developing partnerships at different levels within its own ecosystem, which is something yet to be seen in France even through claims had been mentioned by the government to strengthen its sovereign technology.
SwishDbgExt is a Microsoft WinDbg debugging extension that expands the set of available commands by Microsoft WinDbg, but also fixes and improves existing commands.
This extension has been developed by Matt Suiche (@msuiche) – feel free to reach out on Twitter (even better, on the mailing list) to ask for more features, offer to contribute and/or report bugs.
Mailing-List: https://groups.google.com/a/moonsols.com/forum/#!forum/dfir-list or firstname.lastname@example.org
SwishDbgExt aims at making life easier for kernel developers, troubleshooters and security experts with a series of debugging, incident response and memory forensics commands.
Because SwishDbgExt is a WinDbg debugging extension, it means it can be used on local or remote kernel debugging session, live sessions generated by Microsoft LiveKd, but also on Microsoft crash dumps generated to a Blue Screen of Death or hybrid utilities such as MoonSols DumpIt.
I personally don’t have enough time to proceed to a full in-depth testing of all the commands on every of Windows, that’s is why I would like to thank few people who assisted me during with the testing of the private beta and their contributions. Now that the extension is public, I’m sure more bugs will be found – and as said above, feedback are highly appreciated and the mailing list is the most efficient way to share it :-)
Thanks to Frank Boldewin for his feedback and sharing his shellcode scanning techniques (!ms_malscore).
Thanks to Benjamin Delpy for his feedback and writing mimikatz (!ms_credentials).
Current version is: v0.5.20140716 (16 July 2014)