Publications

This section lists the various publications I’ve released concerning the crash dump stack.  For a list of other sources of publicly-available information on the crash dump stack, check out the References section.

  1. Evolution of Crash Dump Research (9/25/2014) – Presentation at Brucon 2014, Ghent, Belgium, covering all techniques in my research, including all tools and source code.  Introduces a new WinDbg extension, DmpExt, and covers some changes in Windows 8.1.  Slide deck | source code
  2. Crashdmp-ster Diving the Windows 8 Crash Dump Stack (5/17/2013) – Presentation at No Such Con, Paris, concerning a new technique to read/write through the crash path using crashdmp.sys’s global context structure available to crash dump filter drivers.  Slide deck | whitepaper | source code
  3. I/O You Own:  Windows 8 Update (1/9/2013) – A blog post discussing the new features in the Windows 8 crash dump stack, as well as an overview of a new technique to use the stack outside the operating system.
  4. BSides Jackson:  I/O You Own:  Regaining Control of Your Disk in the Presence of Bootkits (11/10/2012) – Slide deck of my updated presentation for BSides Jackson.  Covered previously-published but revised material that included an overview of Windows 8 crash dump stack changes.
  5. SyScan Singapore 2012:  I/O You Own:  Regaining Control of Your Disk in the Presence of Bootkits (4/26/2012) – Program overview and link to original slide deck for my presentation at SyScan 2012.
  6. SyScan 2012 Preview – I/O You Own: Regaining Control of Your Disk in the Presence of Bootkits (4/23/2012) – A blog post introducing the research and upcoming SyScan presentation.