ImmuniWeb® by High-Tech Bridge



Manipulating Memory for Fun & Profit

February 6, 2013

Author: Frederic Bourla, Chief Security Specialist, High-Tech Bridge


Memory analysis and manipulation can provide security analysts with formidable weapons. During his talk at Information Security Day for ISACA Luxembourg Chapter, Frédéric BOURLA presented most memory manipulation tricks from both offensive and defensive angles. The talk first dealt with the attacker’s layer, from pivoting attacks to IEEE 1394 issues, by way of In-Memory Fuzzing, which lets auditors bypass built-in features, network limitations and encryption and still uncover security vulnerabilities in a running application. The second part focused on the benefits of memory manipulation in the fields of Computer Forensics and Malware Analysis, especially when facing sophisticated malcode such as kernel rootkits or heavily encrypted reverse Trojans. The talk aimed to open the door to a fascinating world that could easily save security analysts a lot of time in their recurring duties.


PDF: Manipulating Memory for Fun & Profit (2,5 MB)
Video: Manipulating Memory for Fun & Profit: 1. dbgHelp4j
Video: Manipulating Memory for Fun & Profit: 2. Inception