BEGIN:VCALENDAR
VERSION:2.0
PRODID:Data::ICal 0.24
BEGIN:VEVENT
DESCRIPTION:   'Title: Memfini - A systemwide memory monitor interface for 
 linux\n   When: Saturday\, Aug 13\, 10:00 - 11:55 PDT\n   Where: Caesars F
 orum - Caucus Boardroom (Demo Labs) - [1]Map\n   Speakers:Shubham Dubey\,R
 ishal Dwivedi\n\n   SpeakerBio:Shubham Dubey\n   Shubham is a Security Res
 earcher 2 at Microsoft where he works for\n   Microsoft's defender produ
 ct. His expertise lies in low level\n   security and internals which inclu
 des reverse engineering\,\n   exploitation and firmware security. Prior to
  joining Microsoft\,\n   Shubham was Security researcher at Antivirus comp
 any working in\n   exploit prevention team where he contributed to protect
  customers from\n   0days and vulnerabilities in the wild. Shubham has wor
 ked on multiple\n   independent projects on kernel level and firmware secur
 ity. He owns a\n   security blog nixhacker.com where you will find lots of
  content on low\n   level security and internals.\n\n   SpeakerBio:Rishal D
 wivedi\n   Rishal is a Security Researcher at Microsoft where he works for
 \n   Microsoft's defender product. His expertise lies in Offensive securit
 y\n   which includes vulnerability discovery and exploitation\, owning\n  
  multiple CVE's. Prior to joining Microsoft\, Rishal was a Sr. Security\n 
   researcher at company where he contributed to their Web Application\n   
 Security product. Rishal gained fame in bug bounty at an early age of\n   
 13 years. After contributing to Application Security for multiple\n   year
 s\, he went on to explore other domains of security including IOT\n   secu
 rity and Malware Analysis.\n\n   Description:\n   Surprisingly\, memory re
 lated events logging has been ignored by\n   monitoring tool's authors s
 ince a long time. There are multiple\n   event loggers present for Linux t
 hat are capable of monitoring\n   processes\, i/o operations\, function ca
 lls or whole systemwide events.\n   But something which lacks in most is g
 lobal monitoring of memory\n   related events like allocation\, attachment
  to a shared memory\, memory\n   allocation in foreign process etc. This h
 as many applications in\n   security domain or even software engineering i
 n general. The main area\n   of focus or use case for Memfini is to assist
  Security professionals\n   for carrying out memory specific Dynamic Malwa
 re Analysis\, in order to\n   help them in finding indicators for maliciou
 s activities without\n   reversing the behavior. Below listed are few of t
 he use cases (which\n   we will also be demonstrating in the talk). • Pr
 ocess Injection •\n   Fileless malware execution • Shellcode Execution
  • Malicious\n   shared memory usage On the other hand\, it can also be
  helpful for\n   Software developers\, who wish to have an eagle eye on the
  memory\n   allocations • Finding Memory Leaks • Error detection for d
 ebugging\n   purposes. This is possible as Memfini is capable of monitoring
  memory\n   allocations on User space\, Kernel space as well as some under
  looked\n   allocations like PCI device mapping\, DMA allocations etc. It 
 provides\n   a command line interface with multiple filters\, allowing a u
 ser to\n   interact with the logs generated & get the required data. Curre
 ntly\,\n   the user will be able to filter the events by individual proces
 s\, type\n   of access etc.\n\n   Audience: Defensive security(Malware res
 earcher\, IR/Forensics) and\n   Offensive security(memory based vulnerabil
 ity discovery)\n\n   '\n\n   1. https://defcon.outel.org/consolidated_page
 .html#CaesarsSummitBR\n\n\n
DTEND:20220813T185500Z
DTSTART:20220813T170000Z
LOCATION:DL - Caesars Forum - Caucus Boardroom (Demo Labs)
SUMMARY:Memfini - A systemwide memory monitor interface for linux
END:VEVENT
END:VCALENDAR
