Willi Ballenthin

Willi Ballenthin is a reverse engineer at FireEye who specializes in incident response and computer forensics. He can typically be found investigating intrusions at Fortune 500 companies and enjoys reverse engineering malware, developing forensic techniques, and exploring the cutting edge. Willi is the author of a number of cross-platform tools including python-registry, python-evtx, and INDXParse.py.

• @williballenthin
• Dynamic Presentation Playlist

Presentations:

• 2015-10-09 17:30 - BruCON 0x07 (2015) - Shims For The Win: Case study and investigative techniques for hijacked Application Compatibility Infrastructure
• 2015-08-08 13:00 - DEF CON 23 (2015) - WhyMI so Sexy? WMI Attacks, Real-Time Defense, and Advanced Forensic Analysis

Copresenters:

• Jon Tomczak
  • 2015-10-09 17:30 - BruCON 0x07 (2015) - Shims For The Win: Case study and investigative techniques for hijacked Application Compatibility Infrastructure
• Matt Graeber
  • 2015-08-08 13:00 - DEF CON 23 (2015) - WhyMI so Sexy? WMI Attacks, Real-Time Defense, and Advanced Forensic Analysis
• Claudiu Teodorescu
  • 2015-08-08 13:00 - DEF CON 23 (2015) - WhyMI so Sexy? WMI Attacks, Real-Time Defense, and Advanced Forensic Analysis
• Panel
  • 2015-08-08 13:00 - DEF CON 23 (2015) - WhyMI so Sexy? WMI Attacks, Real-Time Defense, and Advanced Forensic Analysis