Archive for August, 2008

Sandman shell. Your hibernation file in a nutshell. – Part I

August - 23 - 2008
Posted by Matthieu Suiche
Comments Off

I’d like to introduce a new tool I plan to release later. This tool aims at providing a local shell to explore the Windows hibernation file, like WinDbg or LiveKD can do with a crash dump, using the SandMan framework. The most interesting point regarding the usage is the loading of Microsoft Debugging Symbols to retrieve critical [ Read More ]

Update: win32dd & sandman

August - 18 - 2008
Posted by Matthieu Suiche
Comments Off

Two new releases: the first one is, as I said in my previous post, the Sandman Framework, which is now in version 1.1; the second is win32dd, which has also moved to version 1.1.

Black Hat USA 2008 – Slides and Demos.

August - 11 - 2008
Posted by Matthieu Suiche
Comments Off

As I said in my previous post, this year I gave a talk at BH USA. For people who attended (or not) my talk, you can find here my presentation [PDF, PPTX], demos [ZIP], and the new version of SandMan, version 1.1.20080804 [ZIP] (Black Hat release). – DEMOS * Offensive - Bypassing Windows Login Prompt + [ Read More ]

SMM Rootkit limitations. (and how to defeat it :-))

August - 6 - 2008
Posted by Matthieu Suiche
Comments Off

Today (I mean meanwhile :-)) at Blackhat US 2008, Shawn Embleton and Sherri Sparks presented their research concerning the CleanHatConsulting SMM Rootkit. * The first and main limitation concerns the D_LCK bit. BIOS vendors have enabled this bit for some years (maybe like 2/3 years), a short time after Loic Duflot’s first lecture. It means that “new [ Read More ]