| Last-minute paper: Killing the rootkit - perfect physical memory process detection |
VB2014 Seattle
|
| Weird-Machine Motivated Practical Page Table Shellcode & Finding Out What's Running on Your System |
DEF CON 22
|
| Inspecting and injecting. IronPython and .NET DLR memory reflection blazing through hundreds of GB in no time. |
CanSecWest 2017
|
| Less is more, Exploring code/process-less techniques and other weird-machine methods to hide code (and how to detect them) |
CanSecWest 2014
|