Archive for the ‘Articles’ Category

Reply to HBGary — and personal notes.

November 16, 2009
Posted by Matthieu Suiche
Comments Off

One HBGary developer wrote a blog post about windd entitled “Windd – Almost there, but not quite…”. HBGary says *they*, but I would like to say to readers that windd is a project that I developed and maintain alone, in my spare time. More and more people are using windd, so it looks like I have to […]

Microsoft Crash Dump Analysis weaknesses.

October 16, 2008
Posted by Matthieu Suiche
Comments Off

I’m going to discuss Microsoft Crash Dump Analysis weaknesses, but in fact this blog post is somehow an introduction to the next version of Win32DD, 1.2. Indeed, the next version of win32dd will have crash dump generation implemented and some other things you’ll enjoy too. Any reader who is interested in this topic is encouraged […]

X-Files. Episode 2. *Squeeze*

April 30, 2008
Posted by Matthieu Suiche
Comments Off

As said previously, it’s really easy to find proof of plagiarism when an open-source tool is released and its source is then reimplemented in commercial software without compliance. Andreas published a new article called The implementation by Vendor “S”. In this article, he explained the differences between the implementation of XpressDecode […]

X-Files. Episode 1. *Deep throat*

April 29, 2008
Posted by Matthieu Suiche
Comments Off

Andreas recently published an interesting article called “The 3 Vendors”. This article talks about GPL violations against researchers who share their knowledge, and also demonstrates how this kind of violation can be easily identified through code flowcharts. It sounds like the beginning of a series…

New attack released – Windows has been vulnerable for 8 years.

March 18, 2008
Posted by Matthieu Suiche
Comments Off

In November 2007 at PacSec'07, Tokyo, Japan, Nicolas Ruff and I (Matthieu Suiche) presented how to create a readable physical memory dump from the undocumented Microsoft hibernation file. Last month, I published an open-source public version of this project called SandMan Framework. This framework allows manipulating the hibernation file for offensics (malicious) or forensic uses. […]