# Authors: Dmitry Vostokov, Matthieu Suiche, Roberto Alexis Farah # ISBN-10: 1906717389 # ISBN-13: 978-1906717384
-
In case you don’t have seen LiveCloudKd yet, you should go there http://moonsols.com/blog/15-livecloudkd-debugging-the-clouds-from-the-moon
-
If you want to register to a Advanced Windows Physical Memory Analysis to mastering Windd click HERE or HERE
-
As you have seen, I didn’t update this blog since a while – There is a reason. I started my own company called “MoonSols”. I released my first product called “MoonSols Windows Memory Toolkit”. And slides of my last talks at JSSI (Paris, France) and CanSecWest (Vancouver, Canada). By there way, there is also a [ Read More ]
-
Washington D.C. – BlackHat D.C. 2010 Edition is now over. For people who attended or missed the talk, slides are now online. [slides] [more]
-
Here is my christmas gift for people who reads this blog. If you are looking for structures/types/enums definition which are not necessary in the Official MSDN just refer to the alternative MSDN at the following address: MSDN – Matthieu Suiche Developer Network. You might have seen this project earlier if you are on Twitter :-) [ Read More ]
Well, I’m moving to Den Haag in Netherlands to work at the Netherlands Forensic Institute of the Dutch Ministry of Justice. If you live around feel free to send me an e-mail to drink some beers.
Investigators, Incident Response Engineers, Forensics Engineers, Security Consultants, CISSP, … from all around the world here are some questions for you. I tried to find answers by myself but I feel unable to do so. So, let’s improve communication/interaction between us. #1 Could you define the role of a security researcher? #2 How do you [ Read More ]
Offline domain join is a new process that joins computers running Windows® 7 or Windows Server 2008 R2 to a domain in Active Directory Domain Services (AD DS)—without any network connectivity. This process includes a new command-line tool, Djoin.exe, which you can use to complete an offline domain join. Run Djoin.exe to provision the computer [ Read More ]
If you’re generating a Microsoft Crash Dump file under Windows Seven you might noticied that DirectoryTableBase field in the crash dump header is set to zero. The reason is the current version of win32dd choosed to retrieve cr3 register through the PROCESSOR_STATE structure stored into KPRCB. But since KPRCB had been updated in Windows 7 [ Read More ]
