I am currently looking for a cool & interesting university or college course. If you have any information, feel free to contact me.


30Apr

X-Files. Episode 2. *Squeeze*

Articles, Law, SandMan

As said previously, it’s really easy to find proof of plagiarism when an open-source tool is released and when this source is reimplemented in commercial software without compliance. Andreas published a new article called The implementation by Vendor “S”. In this article, he explains the differences between the implementation of […]

29Apr

X-Files. Episode 1. *Deep throat*

Articles, Forensics, Law

Andreas recently published an interesting article called “The 3 Vendors”. This article talks about GPL rights violations against researchers who share their knowledge, and also demonstrates how this kind of violation can be easily identified through a code flowchart. It sounds like the beginning of a series…

18Mar

New attack released - Windows has been vulnerable for 8 years.

Articles, SandMan, Security, Windows

In November 2007 at PacSec'07, Tokyo, Japan, Nicolas Ruff and I (Matthieu Suiche) presented how to create a readable physical memory dump from the undocumented Microsoft hibernation file.

Last month, I published an open-source public version of this project called SandMan Framework. This framework allows manipulating the hibernation file for offensics (malicious) or forensics uses.

Today, I […]

26Feb

SandMan 1.0.080226 is out!

Articles, Programming, Reverse Engineering, Windows

Since Windows 2000, Microsoft has provided a feature called Hibernation, also known as suspend to disk, that aims to save the system state into an undocumented file called hiberfil.sys. This file contains all the physical memory saved by the Operating System and aims to be restored by the user the next time the computer is powered […]

31Jan

Windows Vista and unexported kernel symbols (Part II, 32bits version)

Articles, Reverse Engineering, Windows

This paper presents part II of my previous article about Windows Vista and internal structures. This one covers the 32-bit version and aims to show new authenticity tricks.
Download it from the following link:
Windows_Vista_32bits_and_unexported_kernel_symbols.pdf
Cheers,