| Matt Suiche | |
|---|---|
| Born | 22 September 1988 |
| Nationality | French |
| Known for | Computer security, memory forensics, virtualization |
| Scientific career | |
| Fields | Computer science |
| Website | www |
Matthieu Suiche (born September 22, 1988), also known as Matt and under the username msuiche, is a French hacker and entrepreneur. He is widely known as the founder of MoonSols and co-founder of CloudVolumes, which was acquired [1] by VMware in 2014. In March 2014, Suiche was highlighted as one of the 100 key French developers in a report [2] for French minister Fleur Pellerin.
Suiche is best known for his work in the memory forensics and computer security fields. His most notable research contributions include Windows hibernation file [3] analysis and Mac OS X physical memory analysis. [4]
Furthermore, he created LiveCloudKd, [5] a utility to analyze running Microsoft Hyper-V virtual machines. Microsoft Technical Fellow Mark Russinovich highlighted it on his blog [6] before introducing [7] a similar feature in one of Microsoft's tools. Russinovich also said "We were so impressed that we invited Matthieu to speak about live kernel debugging and LiveCloudKd at this year's BlueHat Security Briefings".
He is also known to have discovered multiple security flaws in several Microsoft Windows kernel components. [8] [9] Suiche is a Microsoft Most Valuable Professional in Enterprise Security. [10]
Suiche started his career as an independent security researcher by presenting his work on the Microsoft Windows hibernation file for the first time at the international conference PacSec, held in Tokyo in 2007. [11] His expertise earned him an invitation from Europol to speak at its internal High Tech Crime Experts Meeting in 2008. [12] [13] Between 2009 and 2010, he worked as a researcher for the Netherlands Forensic Institute in The Hague. He then founded MoonSols, a company specializing in memory forensics and incident response.
Suiche was also a contributor [14] to the Samba project during the Google Summer of Code in 2008, where he was in charge of implementing the new compression algorithms used by the networking protocols.
In 2011, Suiche founded CloudVolumes (formerly SnapVolumes [15]), a California-based virtualization management product company, where he served as Chief Scientist. [16] The company was acquired by VMware in 2014. [17] [non-primary source needed]
In 2016, Suiche founded Comae, a UAE-based cybersecurity company that specializes in cloud-based memory analysis used to recover evidence from the volatile memory of devices. The company was acquired by Magnet Forensics in 2022. [17] [non-primary source needed]
Suiche has also been a frequent speaker at various computer security conferences such as Black Hat Briefings, [18] [19] Microsoft Blue Hat Hacker Conference, [20] Shakacon, Hackito Ergo Sum, Europol High Tech Crime Experts Meeting, CanSecWest, [21] PacSec, [22] Hack In The Box and SyScan. [23]
He serves on the program committee of the Shakacon security conference and is one of the founders of the Hackito Ergo Sum security conference in Paris.
The Shadow Brokers is a hacker group that first appeared in the summer of 2016. They published several leaks containing hacking tools, including several zero-day exploits, from the "Equation Group", which is widely suspected to be a branch of the National Security Agency (NSA) of the United States. Suiche spoke about The Shadow Brokers saga at Black Hat, the large Las Vegas-based cybersecurity conference, and after his presentation The Shadow Brokers posted a public message stating "Hello Matt Suiche, The ShadowBrokers is sorry TheShadowBrokers is missing you at theblackhats or maybe not." [24]
Suiche along with James Bamford speculated that an insider, "possibly someone assigned to the [NSA's] highly sensitive Tailored Access Operations", stole the hacking tools. [25]
In 2012, Suiche was one of several well-known security researchers who submitted a bogus article [26] entitled "Nmap: The Internet Considered Harmful - DARPA Inference Checking Kludge Scanning" to Hakin9 Information Security Magazine. The article has since been used as social proof of the lack of relevance and expertise of certain media outlets dedicated to information security, and also to criticize the spamming techniques such media use to generate quantity-oriented content rather than quality-oriented information. The following year, the article earned Hakin9 a 2013 Pwnie Award [27] [28] in the "Most Epic FAIL" category.