incident-response
Lol ANU —
Some place got hacked, it's clearly sophisticated and not at all a result of shitty security, old systems.
On the viability of memory forensics in compromised environments —
When a machine is owned, can you really trust it to give you reliable data for incident response?
DMA attacks with the PCIscreamer —
DMA attacks - more practical than you think, so much so that the average pentester could do it
Sysmon configuation —
Seriously just use the swiftonsecurity config - it's way better than what you're doing now.
Dumping memory using SMM —
Using System Management Mode for dumping memory
Sitting in hardware —
A tl;dr summary on System Management Mode (SMM), light covering on hardware backdoors and forensic capabilities