
Crashdumps: hunt 0days and rootkits

A session at CONFidence 2013

  • Adam Zabrocki

Wednesday 29th May, 2013

11:00am to 11:50am (WMT)

Crashdumps are an often underestimated source of very interesting information. It is a common belief that they are used only for application/system bug/vulnerability analysis. In this presentation I would like to show a slightly different approach to this source of information. Microsoft Windows allows the default configuration of the WER/CER protocol to be changed in such a way that all generated crashdumps are stored in custom storage. This is very useful in large corporate networks, where we can find tens, hundreds or even thousands of machines, because more than a hundred crashdumps may be generated per day. In most cases administrators are afraid of critical information leaks (XBI, PII) via crashdumps, but could they gain some useful knowledge about the network status from this source? I will try to show what kind of benefits could be gained if we start analyzing crashdumps independently and from a slightly different perspective…

About the speaker

Adam Zabrocki


CONFidence 2013

Krakow, Poland

28th–29th May 2013


When

Time 11:00am to 11:50am WMT

Date Wed 29th May 2013

Short URL

lanyrd.com/schqgz

Official session page

2013.confidence.org.pl/…enda
