As mentioned in my recent presentation at Brucon 2014, I’ve written a small Windbg extension for exploring basic information about the Windows crash dump stack. You can download the source code here. This is currently the only supported platform, but…
This Thursday at high noon, I will be presenting my crash dump research at Brucon 2014. This presentation acts as sort of a chronology of my research, covering each major development since 2012, and is basically this entire website condensed…
As mentioned in my previous blog post this afternoon, it appears Microsoft has added back the ability to dump physical memory to disk (in the form of a dump file) from user mode via NtSystemDebugControl. I wrote a quick proof-of-concept…
In preparation for refreshing some content in my slide deck for my presentation at Brucon 0x06, I happened upon some functions in the Windows 8.1 kernel I had never seen before. They were all named with some variation of “LiveDump”. Here…
A quick shout-out and thanks to the conference organizers at NSC 2013, as well as my fellow speakers and those that attended or watched my presentation. I had a wonderful time in Paris and enjoyed meeting all of you. Feel…
Recently I contributed a challenge to the SOURCE Boston CTF competition. The challenge was entitled “Dump Sector Blue” and involved manipulating a crash dump filter driver I wrote to leverage crash context structures used by crashdmp.sys. I will be delivering a presentation…
I just thought I’d post a quick comment on a time table for upcoming site content. I only have a few hours a week to work on this project, so it will be a while before I’m able to capture…
Exploring the Microsoft Windows crash dump stack 