Artwork

Black Hat and Jeff Moss द्वारा प्रदान की गई सामग्री. एपिसोड, ग्राफिक्स और पॉडकास्ट विवरण सहित सभी पॉडकास्ट सामग्री Black Hat and Jeff Moss या उनके पॉडकास्ट प्लेटफ़ॉर्म पार्टनर द्वारा सीधे अपलोड और प्रदान की जाती है। यदि आपको लगता है कि कोई आपकी अनुमति के बिना आपके कॉपीराइट किए गए कार्य का उपयोग कर रहा है, तो आप यहां बताई गई प्रक्रिया का पालन कर सकते हैं https://hi.player.fm/legal
Player FM - पॉडकास्ट ऐप
Player FM ऐप के साथ ऑफ़लाइन जाएं!

Darren Bilby: Defeating Windows Forensic Analysis in the Kernel (Japanese)

55:26
 
साझा करें
 

Manage episode 152728406 series 1069451
Black Hat and Jeff Moss द्वारा प्रदान की गई सामग्री. एपिसोड, ग्राफिक्स और पॉडकास्ट विवरण सहित सभी पॉडकास्ट सामग्री Black Hat and Jeff Moss या उनके पॉडकास्ट प्लेटफ़ॉर्म पार्टनर द्वारा सीधे अपलोड और प्रदान की जाती है। यदि आपको लगता है कि कोई आपकी अनुमति के बिना आपके कॉपीराइट किए गए कार्य का उपयोग कर रहा है, तो आप यहां बताई गई प्रक्रिया का पालन कर सकते हैं https://hi.player.fm/legal
"It is 4pm on a Friday, beer o'clock. You're just eyeing up your first beer and thinking about where the fish will be biting tomorrow. The phone rings, something "funny" is happening on a client's web server. A lot of money passes through the server and it looks like it could be serious. IDS on the network picked up a crypted command shell heading outbound from the server. You break out the security incident response manual and head to the scene. Being the process oriented and reliable chap you are, you load up your forensic toolkit and take forensic copies of current memory and disk. You kick off your tools to analyse the forensic copies you've taken, nothing. All the processes are good, no apparent hooks, all hashes match verifiable sources. You check the forensic copying process, it worked perfectly. What have you missed? How could it not be in memory or on disk? Someone is playing you for a fool, and it's probably someone in kernel land. Your forensic image has been faked, and yet any court in the country would accept your process as sound. This talk will be a low level talk aimed at forensic analysts, investigators, prosecutors and administrators. It will show new techniques and a previously unreleased working implementation called DDefy which anyone involved in forensic analysis should be aware of. The demonstration will show defeating live forensic disk and memory analysis on Windows systems exposing fundamental flaws in popular forensic tools. Attendees should preferably have an understanding of the live forensics process and some background in modern rootkit technologies. Knowledge of NTFS internals will also aid in understanding."
  continue reading

15 एपिसोडस

Artwork
iconसाझा करें
 
Manage episode 152728406 series 1069451
Black Hat and Jeff Moss द्वारा प्रदान की गई सामग्री. एपिसोड, ग्राफिक्स और पॉडकास्ट विवरण सहित सभी पॉडकास्ट सामग्री Black Hat and Jeff Moss या उनके पॉडकास्ट प्लेटफ़ॉर्म पार्टनर द्वारा सीधे अपलोड और प्रदान की जाती है। यदि आपको लगता है कि कोई आपकी अनुमति के बिना आपके कॉपीराइट किए गए कार्य का उपयोग कर रहा है, तो आप यहां बताई गई प्रक्रिया का पालन कर सकते हैं https://hi.player.fm/legal
"It is 4pm on a Friday, beer o'clock. You're just eyeing up your first beer and thinking about where the fish will be biting tomorrow. The phone rings, something "funny" is happening on a client's web server. A lot of money passes through the server and it looks like it could be serious. IDS on the network picked up a crypted command shell heading outbound from the server. You break out the security incident response manual and head to the scene. Being the process oriented and reliable chap you are, you load up your forensic toolkit and take forensic copies of current memory and disk. You kick off your tools to analyse the forensic copies you've taken, nothing. All the processes are good, no apparent hooks, all hashes match verifiable sources. You check the forensic copying process, it worked perfectly. What have you missed? How could it not be in memory or on disk? Someone is playing you for a fool, and it's probably someone in kernel land. Your forensic image has been faked, and yet any court in the country would accept your process as sound. This talk will be a low level talk aimed at forensic analysts, investigators, prosecutors and administrators. It will show new techniques and a previously unreleased working implementation called DDefy which anyone involved in forensic analysis should be aware of. The demonstration will show defeating live forensic disk and memory analysis on Windows systems exposing fundamental flaws in popular forensic tools. Attendees should preferably have an understanding of the live forensics process and some background in modern rootkit technologies. Knowledge of NTFS internals will also aid in understanding."
  continue reading

15 एपिसोडस

सभी एपिसोड

×
 
Loading …

प्लेयर एफएम में आपका स्वागत है!

प्लेयर एफएम वेब को स्कैन कर रहा है उच्च गुणवत्ता वाले पॉडकास्ट आप के आनंद लेंने के लिए अभी। यह सबसे अच्छा पॉडकास्ट एप्प है और यह Android, iPhone और वेब पर काम करता है। उपकरणों में सदस्यता को सिंक करने के लिए साइनअप करें।

 

त्वरित संदर्भ मार्गदर्शिका