FireEye: Finding Evil in Windows 10 Compressed Memory, Part Three: Automating Undocumented Structure Extraction

The final post in FireEye’s three-part series on Windows 10 memory forensics. This last part looks at how to automate the extraction of undocumented structures from deep within memory using the tools introduced in the earlier parts.

Check out the FireEye presentations at BlackHat and DefCon.

Source: Finding Evil in Windows 10 Compressed Memory, Part Three: Automating Undocumented Structure Extraction

Rate this:

Posted

August 9, 2019

Uncategorized

Nathan Cocker

Tags:

Comments

Leave a Reply Cancel reply

Enter your comment here…

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

%d bloggers like this:

FireEye: Finding Evil in Windows 10 Compressed Memory, Part Three: Automating Undocumented Structure Extraction

Rate this:

Share this:

Like this:

Comments

Leave a Reply Cancel reply