Matthieu Suiche’s blog !

Black Hat USA 2008 - Slides and Demos.

by Matthieu Suiche on Aug.11, 2008, under Windows

As I said in my previous post, this year I gave a talk at BH USA. Whether or not you attended my talk, you can find here my presentation [PDF, PPTX], the demos [ZIP], and the new version of SandMan, 1.1.20080804 [ZIP] (Black Hat release)!


- DEMOS
   * Offensive
      - Bypassing Windows Login Prompt
         + msvp.c
      - Local privilege escalation
         + lpe.c
   * Defensive
      - Hibernation 2 Memory dump
         + hib2mem.c
         + hib2mem.exe
      - Kernel Analyze
         + kernelanalyze.exe
           Kernel Analyze is a tool I wrote to dump the main kernel tables and information, including IDT, GDT, IAT, EAT, HAL Dispatch Table, HAL Private Dispatch Table, SSDT and Symbols GUID, from a Windows hibernation file.


SANDMAN FRAMEWORK CHANGELOG:
   - 2008-04-08
   1.1.20080804: Xpress algorithm reimplemented, including compression and decompression.

If you have any questions feel free to ask me at matt (at) [this domain name].net
