Call for Beta-Testers :: windd utility RC2 (32-bits & 64-bits)

September - 9 - 2009
Posted by Matthieu Suiche

Finally, I recently managed to find some time to update win32dd, now called windd and part of a project codenamed “Pangowings *” (inspired by the pangolin mammal). windd supports both 32-bit and 64-bit (x64-based, not Itanium) versions of Windows from Windows XP to Windows 7. All executables (including drivers) are digitally signed. And I  [ Read More ]

Windows 7 Memory Manager and Committed Memory – SystemCommittedMemoryInformation

August - 2 - 2009
Posted by Matthieu Suiche

In Windows 7 build 7100, SYSTEM_INFORMATION_CLASS has been updated, and some of its classes, like SystemLowPriorityInformation, have been updated. Moreover, new classes have been introduced, like SystemCommittedMemoryInformation. This useless post covers the SystemCommittedMemoryInformation class, which is part of the Windows 7 Memory Manager and aims at retrieving information about committed memory. Function: NtQuerySystemInformation Class: SystemCommittedMemoryInformation Privilege: None Output size: 0x10  [ Read More ]

Security 2.0 – Fairy tales and the art of deception

June - 30 - 2009
Posted by Matthieu Suiche

Yesterday, I wrote a post about TwitPic and Twitter. According to the blog of TwitPic, we can read this: Yesterday we were made aware of a vulnerability with our email posting system that would allow someone to brute force someone’s Twitpic email PIN by trying every combination until one worked. A fix has been put  [ Read More ]

Web vulnerabilities are lame and web developers too. We all know this. And here is what you can read on @britneyspears' Twitter. Basically, TwitPic allows Twitter users to upload + post pictures on their Twitter status. How? You have to log in on the TwitPic website with your login+password, then upload your picture and that’s it.  [ Read More ]

Challenge of Windows physical memory acquisition and exploitation

June - 12 - 2009
Posted by Matthieu Suiche

(Honolulu, HW) – Here is a quick post to provide the resources presented this afternoon at Shakacon 2009. This talk aims at showing win32dd users (forensics engineers, investigators, incident response engineers, ...) why physical memory analysis is important, and mainly covers how to rethink memory acquisition and exploitation in a more efficient way. Slides are  [ Read More ]
