Hello! My name is Matt Suiche. I am an independent researcher, advisor, and investor. I previously served as the Head of Detection Engineering at Magnet Forensics. Our organization was passionately dedicated to justice and protecting the innocent, a mission we embarked on more intensely after the 2022 acquisition of my cybersecurity start-up, Comae Technologies.
My life-long fascination with learning and understanding complex systems first led me to cybersecurity. My teenage years were spent immersed in reverse engineering, which ignited a profound curiosity about technology that continues to this day. I’ve since explored various fields including operating systems architecture, programming languages, virtualization, modern web application development, and generative art. Furthermore, I’ve delved into numerous domains such as privacy, surveillance, forensics, blockchain, and community development among others.
This year marks 5 year since I gave my first blockchain/web3 related presentation at DEFCON 25 when I presented Porosity which was an experimental decompiler and static analysis tool for Ethereum Virtual Machine bytecode, but also mentioned on why we should keep an eye on WebAssembly Virtual Machines back when eWASM was being drafted and an option for Ethereum as a replacement for EVM itself.
Since then, new layer 1 blockchains have emerged such as Solana (eBPF-variant), and NEAR & Polkadot (WebAssembly) as part of a new wave of architectures relying on the LLVM compiler and ELF file formats, instead of reinventing the wheel like the Ethereum Virtual Machine and Solidity programming language.
Magnet Forensics, a developer of digital investigation solutions for more than 4,000 enterprises and public safety organizations in over 100 countries, announced the acquisition of the strategic IP assets of Comae Technologies.
As part of the acquisition, Comae founder Matt Suiche will lead a memory analysis and incident response research and development team at Magnet Forensics, where he will further develop a memory analysis platform and integrate the technology into the company’s existing solutions.
The recent SolarWind’s hack which resulted in a backdoor version of their SolarWind Orion product which counts 33,000 customers has been all over the news in the past few weeks - most things have been said and repeated, although there are few notes that I mentioned on Twitter which I would like to compile in a blogpost for perenniality.
First of all, I would like to point out to the presence in the backdoor process blacklist (the full list can be found on Itay Cohen’s repository) of several processes that can be used for either:
