Catch Me If You Can -- Blackhat presentation

tebodell
(@tebodell)
Posts: 25
Eminent Member
Topic starter
 

Hey all, just wanted to hear some speculations on this talk..

http://blackhat.com/html/bh-usa-05/bh-usa-05-speakers.html#foster2

Think it'll be another case like with grugq's talk and the TCT "bug" or something bigger? Just looking for some thoughts I guess, hopefully those of you going to Blackhat 05 will be able to provide more detail in a few weeks :-P

Also curious about other –specifically recent– anti-forensic tactics that anyone has heard of. Links to material would be great, I've been searching.

Thanks,
Tebodell

 
Posted : 18/07/2005 8:31 am
keydet89
(@keydet89)
Posts: 3568
Famed Member
 

"…just wanted to hear some speculations on this talk.."

Speculations? We should probably just wait and see. In a lot of cases, the actual content at presentations like this has little to do with the expectations set by the title…but we'll have to see.

I stopped going to BH/DC for that reason, pretty much…it was becoming an expensive way to see friends. Besides, I'm more interested in the Windows side of things, and they've stopped holding the briefings for that one.

WRT other anti-forensics techniques, I've been looking into some things that have to do with the Windows Event Log…basically taking advantage of how the API works to subvert things, but doing so without wreaking havoc a la WinZapper. After all, all that's really required in anti-forensics is a strong desire to *not* be detected…which, in itself, is pretty easy.

H. Carvey
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://windowsir.blogspot.com

 
Posted : 18/07/2005 3:22 pm