Archive for August, 2008
Sandman shell. Your hibernation file in a nutshell. - Part I
Windows
I’d like to introduce a new tool I plan to release later. This tool aims at providing a local shell to explore the Windows hibernation file, in the same way windbg or livekd can do with a crash dump, using the SandMan framework.
The most interesting point regarding the usage is the loading of Microsoft Debugging Symbols to retrieve critical […]
Update: win32dd & sandman
Windows
Two new releases:
The first one is, as I said in my previous post, the Sandman Framework, which is now in version 1.1.
And the second is win32dd, which also moved to version 1.1.
Black Hat USA 2008 - Slides and Demos.
Windows
As I said in my previous post, this year I gave a talk at BH USA. For people who attended (or not) my talk, you can find here my presentation [PDF, PPTX], demos [ZIP], and the new version of SandMan, version 1.1.20080804 [ZIP]! (Black Hat release.)
- DEMOS
* Offensive
- Bypassing Windows Login Prompt
+ msvp.c
- Local privilege escalation
+ […]
SMM Rootkit limitations. (and how to defeat it :-))
Windows
Today (I mean meanwhile :-)) at Blackhat US 2008, Shawn Embleton and Sherri Sparks presented their research concerning the CleanHatConsulting SMM Rootkit.
* The first and main limitation concerns the D_LCK bit. BIOS vendors have enabled this bit for some years (maybe 2/3 years), some time after Loic Duflot’s first lecture. It means that “new computers” […]