June - 12 - 2009
Posted by Matthieu Suiche
(Honolulu, HW) – Here is a quick post to provide the resources presented this afternoon at Shakacon 2009. This talk aims to show win32dd users (forensics engineers, investigators, incident response engineers, ...) why physical memory analysis is important, and mainly covers how to rethink memory acquisition and exploitation in a more efficient way. Slides are …
April - 20 - 2008
Posted by Matthieu Suiche
Day 1 :: Workshop 8.00 PM (yeah it’s late) I had almost 7 hours of travel by train from Paris to Goettingen. It was really exhausting but it was a good opportunity to talk with pretty girls visiting Europe :) This year, the SambaXP conference is held in the Freizeit Hotel (Free time in English) in Goettingen …
December - 6 - 2007
Posted by Matthieu Suiche
For people who weren’t (or were :)) at PacSec last week. Slides of the Sandman lecture can be found in Japanese [PPT] or in English (updated – last version) [PDF]. [JP] http://www.msuiche.net/pres/psj07ruffsuiche-jp.pdf [EN] http://www.msuiche.net/pres/PacSec07-slides-0.4.pdf An overview of the hibernation file format is explained and the forensics library we called Sandman is introduced. Sandman status is reachable here …
October - 22 - 2007
Posted by Matthieu Suiche
Everyone knows that Dumbledore is homosexual but there is a more important thing you have to know! The PacSec Agenda has been released! http://www.securityfocus.com/archive/1/482602/30/0/threaded Speaker list: http://www.pacsec.jp/speakers.html Talk selections for PacSec 2007 – November 29 and 30 – Aoyama Diamond Hall – Programmed I/O accesses: a threat to virtual machine monitors? – Loic Duflot, …
December - 24 - 2006
Posted by Matthieu Suiche
I did a translation into English of my previous presentation, which explains how to implement a protector for the IDT, SSDT, and syscall address on 32-bit and 64-bit Windows. The translation can be found at the following link: Windows Vista Kernel Security – [EN].ppt I’m writing an article about it which will be released very …