

07May

BlackHat Las Vegas Briefing 2008

Windows

In November 2007, Nicolas and I presented “Enter SandMan” in Tokyo at PacSec during its development phase. You can get the materials we used for this lecture here in English and here in Japanese.
Some months later, an alpha version of the Sandman Framework, formally called 1.0.080226, was released as an open source project. — […]

22Apr

Google Summer of Code & NT debugging Puzzler #3

Windows

As you probably know, Google launches the Summer of Code every year. Yesterday, Google published the official 2008 results, and I’ll be part of the Samba Team. My work is to implement compression functions in Samba.
Microsoft Advanced Windows Debugging Team published their third puzzler: Matrix Edition #3. It looks like they’ll publish one puzzler per week. […]

06Apr

Few words about Microsoft interoperability initiative.

Blogging, Debugging, Programming, Reverse Engineering, SandMan, Windows

As you probably know, Microsoft released last month several thousand pages of documentation about Office file formats and Windows protocols.
That means hundreds (thousands?) of documented functions and algorithms, with pseudo-code. But are these pseudo-functions right? It looks like they are not.
While I was reading [MS-DRSR]: Directory Replication Service (DRS) Remote Protocol Specification, I was a bit […]

03Apr

X-Ways Forensics Beta 2 and hibernation file. (coincidence?)

Blogging, Forensics, Windows

X-Ways (WinHex editor) Forensics Beta 2 now includes hibernation file (hiberfil.sys) support for Windows XP 32-bit only. Please note that the Sandman library/framework, an open-source project under the GNU General Public License v3 to read and write the hibernation file, was released 2 months ago…

Posted on Friday, Mar 28, 2008 - 1:05:
* Ability to decompress Windows […]

18Mar

New attack released - Windows has been vulnerable for 8 years.

Articles, SandMan, Security, Windows

In November 2007 at PacSec'07, Tokyo, Japan, Nicolas Ruff and I (Matthieu Suiche) presented how to create a readable physical memory dump from the undocumented Microsoft hibernation file.

Last month, I published an open-source public version of this project called SandMan Framework. This framework allows manipulating the hibernation file for offensics (malicious) or forensics uses.

Today, I […]