Black Hat | From Dead Data to Digestion: Extracting Windows Fibers for Your Digital Forensics Diet @BlackHatOfficialYT | Uploaded 8 months ago | Updated 9 hours ago
...This talk will take you on a journey on how to reverse the underlying API, understand the core components of the undocumented internals of Fibers, and then use this knowledge to create granular detection telemetry from process memory. It will conclude by demonstrating and then open-sourcing a novel tool called Weetabix that automates this whole process for the benefit of threat hunting teams or EDR developers....
By: Daniel Jary
Full Abstract and Presentation Materials: blackhat.com/us-23/briefings/schedule/#from-dead-data-to-digestion-extracting-windows-fibers-for-your-digital-forensics-diet-32832