http://secdocs.lonerunners.net Latest security documents RSS feed for author Matthieu Suiche en-us <b>Authors</b>: <a href="http://secdocs.lonerunners.net/authors/details/836-matthieu-suiche">Matthieu Suiche</a> <br/><b>Tags</b>: <a href="http://secdocs.lonerunners.net/tags/details/8-forensic">forensic</a> <br/><b>Event</b>: <a href="http://secdocs.lonerunners.net/events/details/71-black-hat-usa-2010">Black Hat USA 2010</a> <br/><b>Abstract</b>: This talk is introducing MoonSols Windows Memory Toolkit aims at being the ultimate memory and crash dump acquisition and conversion tool for Windows. Including live acquisition on Windows of Microsoft crash dumps, the conversion of hibernation file into crashdump, and even to get a crashdump of a running VMWare Virtual Machine without rebooting it and without any BSOD! Wed, 28 Sep 2011 19:39:16 +0200 http://secdocs.lonerunners.net/documents/details/4055-blue-screen-of-the-death-is-dead http://secdocs.lonerunners.net/documents/details/4055-blue-screen-of-the-death-is-dead <b>Authors</b>: <a href="http://secdocs.lonerunners.net/authors/details/836-matthieu-suiche">Matthieu Suiche</a> <br/><b>Tags</b>: <a href="http://secdocs.lonerunners.net/tags/details/8-forensic">forensic</a> <br/><b>Event</b>: <a href="http://secdocs.lonerunners.net/events/details/71-black-hat-usa-2010">Black Hat USA 2010</a> <br/><b>Abstract</b>: This talk is introducing MoonSols Windows Memory Toolkit aims at being the ultimate memory and crash dump acquisition and conversion tool for Windows. Including live acquisition on Windows of Microsoft crash dumps, the conversion of hibernation file into crashdump, and even to get a crashdump of a running VMWare Virtual Machine without rebooting it and without any BSOD! Tue, 27 Sep 2011 20:52:23 +0200 http://secdocs.lonerunners.net/documents/details/4054-blue-screen-of-the-death-is-dead http://secdocs.lonerunners.net/documents/details/4054-blue-screen-of-the-death-is-dead <b>Authors</b>: <a href="http://secdocs.lonerunners.net/authors/details/836-matthieu-suiche">Matthieu Suiche</a> <br/><b>Tags</b>: <a href="http://secdocs.lonerunners.net/tags/details/8-forensic">forensic</a> <a href="http://secdocs.lonerunners.net/tags/details/45-windows">Windows</a> <br/><b>Event</b>: <a href="http://secdocs.lonerunners.net/events/details/42-black-hat-usa-2008">Black Hat USA 2008</a> <br/> Thu, 05 Aug 2010 16:18:00 +0200 http://secdocs.lonerunners.net/documents/details/2783-windows-hibernation-file-for-fun-and-profit http://secdocs.lonerunners.net/documents/details/2783-windows-hibernation-file-for-fun-and-profit <b>Authors</b>: <a href="http://secdocs.lonerunners.net/authors/details/836-matthieu-suiche">Matthieu Suiche</a> <br/><b>Tags</b>: <a href="http://secdocs.lonerunners.net/tags/details/8-forensic">forensic</a> <a href="http://secdocs.lonerunners.net/tags/details/45-windows">Windows</a> <br/><b>Event</b>: <a href="http://secdocs.lonerunners.net/events/details/42-black-hat-usa-2008">Black Hat USA 2008</a> <br/> Thu, 05 Aug 2010 11:10:00 +0200 http://secdocs.lonerunners.net/documents/details/2778-windows-hibernation-file-for-fun-and-profit http://secdocs.lonerunners.net/documents/details/2778-windows-hibernation-file-for-fun-and-profit <b>Authors</b>: <a href="http://secdocs.lonerunners.net/authors/details/836-matthieu-suiche">Matthieu Suiche</a> <br/><b>Tags</b>: <a href="http://secdocs.lonerunners.net/tags/details/8-forensic">forensic</a> <a href="http://secdocs.lonerunners.net/tags/details/45-windows">Windows</a> <br/><b>Event</b>: <a href="http://secdocs.lonerunners.net/events/details/42-black-hat-usa-2008">Black Hat USA 2008</a> <br/> Thu, 05 Aug 2010 11:10:00 +0200 http://secdocs.lonerunners.net/documents/details/2779-windows-hibernation-file-for-fun-and-profit http://secdocs.lonerunners.net/documents/details/2779-windows-hibernation-file-for-fun-and-profit <b>Authors</b>: <a href="http://secdocs.lonerunners.net/authors/details/836-matthieu-suiche">Matthieu Suiche</a> <br/><b>Tags</b>: <a href="http://secdocs.lonerunners.net/tags/details/8-forensic">forensic</a> <a href="http://secdocs.lonerunners.net/tags/details/182-mac-os-x">Mac OS X</a> <br/><b>Event</b>: <a href="http://secdocs.lonerunners.net/events/details/37-black-hat-dc-2010">Black Hat DC 2010</a> <br/><b>Abstract</b>: In 2008 and 2009, companies and governments interests for Microsoft Windows physical memory growled significantly. Now it is time to talk about Mac OS X. This talk will describe basis of Mac OS X Kernel Internals (and not a XNU kernel creation timeline) and how to retrieve various information like machine information, mounted file systems, processes listing and extraction and threads, kernel extensions listing and extraction and Rootkit detection. Mon, 24 May 2010 06:02:53 +0200 http://secdocs.lonerunners.net/documents/details/2504-advanced-mac-os-x-physical-memory-analysis http://secdocs.lonerunners.net/documents/details/2504-advanced-mac-os-x-physical-memory-analysis <b>Authors</b>: <a href="http://secdocs.lonerunners.net/authors/details/836-matthieu-suiche">Matthieu Suiche</a> <br/><b>Tags</b>: <a href="http://secdocs.lonerunners.net/tags/details/8-forensic">forensic</a> <a href="http://secdocs.lonerunners.net/tags/details/182-mac-os-x">Mac OS X</a> <br/><b>Event</b>: <a href="http://secdocs.lonerunners.net/events/details/37-black-hat-dc-2010">Black Hat DC 2010</a> <br/><b>Abstract</b>: In 2008 and 2009, companies and governments interests for Microsoft Windows physical memory growled significantly. Now it is time to talk about Mac OS X. This talk will describe basis of Mac OS X Kernel Internals (and not a XNU kernel creation timeline) and how to retrieve various information like machine information, mounted file systems, processes listing and extraction and threads, kernel extensions listing and extraction and Rootkit detection. Mon, 24 May 2010 06:02:50 +0200 http://secdocs.lonerunners.net/documents/details/2503-advanced-mac-os-x-physical-memory-analysis http://secdocs.lonerunners.net/documents/details/2503-advanced-mac-os-x-physical-memory-analysis