K2

K2 (w00w00, ADM, undernet, efnet, The Honeynet Project) is a devil-in-the-details person who does not take themselves too seriously and appreciates a good laugh. Earlier DEF CON presentations included polymorphic shellcode in the form of ADMMutate (see ADM Crew), low-level process detection with page table analysis (Weird-Machine motivated shellcode), and using the branch tracing store backdoor trick on Windows to counter ransomware, detect ROP (RunTime + HW Assisted) and draw cool graphs — "BlockFighting with a Hooker: BlockfFghter2!". All three of these are open source tools available at github.com/K2 (EhTrace and inVtero.Net are under active development).

@ktwo_K2 GitHub: https://github.com/K2

Appearing at:

(Un)Fucking Forensics: Active/Passive (i.e. Offensive/Defensive) memory hacking/debugging.