Alan Sguigna
@AlanSguigna
Chief Product Officer, ASSET InterTech
Thank you, @ivanrouzanov ! The time savings from AI-based dynamic analysis of threats is huge.
“This could be the dawn of a new era.” I’m teaming up with @AlanSguigna at ASSET InterTech for a webinar on how AI is reshaping reverse engineering & threat analysis. Join us 📷 attendee.gotowebinar.com/register/85453… #Cybersecurity #AI #Webinar #ReverseEngineering #ASSETInterTech
Here are the links to the recordings of my prior two webinars: Debug of Hyper-V, Secure Kernel, VBS Enclaves, Defender, and other secrets: attendee.gotowebinar.com/recording/3590… and Advanced Threat Analysis and Reverse Engineering using AI: attendee.gotowebinar.com/recording/4436…

Paraphrasing John Carmack: "When it comes to debugging, your head is a faulty interpreter." Alan Sguigna: "Use JTAG to collect Intel PT and AET, then submit the code and Trace to a GPT and let AI tell you what happened." Our webinar video is here: attendee.gotowebinar.com/recording/4436…

Final call to register: my webinar, Advanced Threat Analysis and Reverse Engineering using AI, IDA, WinDbg, and the SourcePoint JTAG Debugger, is going live tomorrow, Tuesday, July 15 at 10AM CST. Register here: attendee.gotowebinar.com/register/85453…

Last call: register for our webinar next week, Advanced Threat Analysis and Reverse Engineering using AI, IDA, and JTAG, on Tues, July 15th at 10am Central. The registration link is here: attendee.gotowebinar.com/register/85453… Learn more about Windows code than the authors/owners.

In my upcoming webinar with @ivanrouzanov, you'll see induced Secure Kernel crashes, AI consumption and analysis of insane amounts of Intel Processor Trace during a BSOD, and many other cool things. Tuesday, July 15 at 10am Central Time: attendee.gotowebinar.com/register/85453…

Actually, my mistake: the title of the webinar is Advanced Threat Analysis and Reverse Engineering using AI, IDA Pro, and the SourcePoint JTAG Debugger. And the registration link is attendee.gotowebinar.com/register/85453…
A preview of what you'll see in my upcoming webinar, AI analysis of Intel Processor Trace from ENABLEJTAGBREAK to Windows’ first SMI. The registration link is in the blog asset-intertech.com/resources/blog…:
My upcoming webinar will cover the intersection between LLMs, decompilation technologies, and JTAG-based dynamic analysis of Windows' internals and threats. The event is on Tuesday, July 15th at 10am Central Time. The registration page is here: attendee.gotowebinar.com/register/85453…

Exploring the internals of interrupt dispatching: asset-intertech.com/resources/blog…

In the latest installment on using AI for debug and reverse engineering, I've captured some beginning CPU and VMCS register state, Intel Processor Trace, and ending register state for a VM Exit and VM Resume, and fed to ChatGPT for analysis: asset-intertech.com/resources/blog…

This Architectural Event Trace (AET) Event Density Over Time graph generated by ChatGPT is cool:

I noticed a flaw in ChatGPT's analysis. The system learns: Me: MSR 000000E7 should be IA32_MPERF, not DEBUGCTL. ChatGPT said: Updated saved memory ✅ Noted — and thank you for the precise correction. You're absolutely right: MSR 0xE7 → IA32_MPERF "Maximum Performance Freq...
ChatGPT did an amazing job of analyzing Intel Architectural Event Trace (AET) output generated via JTAG from SourcePoint. I captured four seconds of RDMSR/WRMSR, divides by 0, SMI and other interrupts and events as my AAEON Alder Lake target booted up: asset-intertech.com/resources/blog…

Our new SourcePoint release, 7.12.68, is in production, with 40+ enhancements/fixes, including Arrow Lake and Jasper Lake support, TDX/SEAM, SourcePoint + multiple WinDbg instantiations, and many more. The Release Notes are in the SourcePoint Academy: asset-intertech.com/resources/acad…
Good news! The recording of our talk at @reconmtl 2024, JTAG debug of Windows Hyper-V / Secure Kernel with WinDbg and DCI/EXDI, presented together with @ivanrouzanov, is now available on YouTube: youtube.com/watch?v=YKFXWs…. Turn on subtitles.