Monthly Archives: May 2008

BlackHat Las Vegas Briefing 2008


In November 2007, Nicolas and I presented “Enter SandMan” in Tokyo at PacSec during its development phase. You can get the materials we used for this lecture here in English and here in Japanese.

Some months later, an alpha version formally called 1.0.080226, of Sandman Framework has been released as an open source project. — you can find the current version here. Please consider, as Volatility Team has kindly reminded SandMan is a GPL3 project then don’t imitate Vendor “X” which don’t even waited a final version of SandMan to violate the GPL and then implemented a bugged version into his commercial products :).

Furthermore, in March Cedric presented and commented the SandMan proof of concept video during lightning talks at CanSecWest 2008 in Vancouver.

Anyway, at the upcoming Black Hat Vegas 2008, I’m going to give a talk entitled “Windows hibernation file for fun and profit“. This talk aims to discuss about both forensics and offensics uses through the hibernation file (hiberfil.sys) with SandMan.

For your information, Alex is also giving a talk at BH called “Of Pointers and Handles A Story of Unchecked Assumptions in the Windows Kernel”.

You can take a look at the full schedule here.