Last-minute paper: Killing the rootkit - perfect physical memory process detection |
VB2014 Seattle
|
Weird-Machine Motivated Practical Page Table Shellcode & Finding Out What's Running on Your System |
DEF CON 22
|
Inspecting and injecting. IronPython and .NET DLR memory reflection blazing through hundreds of GB in no time. |
CanSecWest 2017
|
Less is more, Exploring code/process-less techniques and other weird-machine methods to hide code (and how to detect them) |
CanSecWest 2014
|