This section lists the various publications I’ve released concerning the crash dump stack. For a list of other sources of publicly-available information on the crash dump stack, check out the References section.
- Evolution of Crash Dump Research (9/25/2014) – Presentation at BruCON 2014, Ghent, Belgium, covering all techniques in my research, including all tools and source code. Introduces a new WinDbg extension, DmpExt, and covers some changes in Windows 8.1. Slide deck | source code
- Crashdmp-ster Diving the Windows 8 Crash Dump Stack (5/17/2013) – Presentation at No Such Con, Paris, concerning a new technique to read/write through the crash path using crashdmp.sys’s global context structure available to crash dump filter drivers. Slide deck | whitepaper | source code
- I/O You Own: Windows 8 Update (1/9/2013) – A blog post discussing the new features in the Windows 8 crash dump stack, as well as an overview of a new technique to use the stack outside the operating system.
- BSides Jackson: I/O You Own: Regaining Control of Your Disk in the Presence of Bootkits (11/10/2012) – Slide deck of my updated presentation for BSides Jackson. Covered previously-published but revised material that included an overview of Windows 8 crash dump stack changes.
- SyScan Singapore 2012: I/O You Own: Regaining Control of Your Disk in the Presence of Bootkits (4/26/2012) – Program overview and link to original slide deck for my presentation at SyScan 2012.
- SyScan 2012 Preview – I/O You Own: Regaining Control of Your Disk in the Presence of Bootkits (4/23/2012) – A blog post introducing the research and upcoming SyScan presentation.