Manipulating Memory for Fun & Profit
February 6, 2013
Author: Frederic Bourla, Chief Security Specialist, High-Tech Bridge
Memory analysis and manipulation can provide security analysts with formidable weapons. During his talk at Information Security Day for the ISACA Luxembourg Chapter, Frédéric BOURLA presented most memory manipulation tricks from both offensive and defensive angles. The talk first dealt with the attacker’s layer, covering pivoting attacks, IEEE1394 issues and In-Memory Fuzzing, which lets auditors bypass built-in features, network limitations and encryption and still uncover security vulnerabilities in a running application. In a second stage, the talk focused on the benefits of memory manipulation in the Computer Forensics and Malware Analysis fields, especially when facing sophisticated malcode such as kernel rootkits or heavily encrypted reverse Trojans. The talk aimed to open the door to a fascinating world that can easily save security analysts a lot of time in their recurring duties.
Video: Manipulating Memory for Fun & Profit: 1. dbgHelp4j
Video: Manipulating Memory for Fun & Profit: 2. Inception
Video: Manipulating Memory for Fun & Profit: 3. Volatility