Matt Suiche

Matthieu Suiche (born September 22, 1988), also known as Matt and under the username msuiche, is a French hacker and entrepreneur. He is widely known as the founder of MoonSols and co-founder of CloudVolumes, which was acquired by VMware in 2014. In March 2014, Suiche was highlighted as one of the 100 key French developers in a report for French minister Fleur Pellerin.


Career

Suiche is best known for his work in the memory forensics and computer security fields. His most notable research contributions include Windows hibernation file analysis and Mac OS X physical memory analysis. Furthermore, he created LiveCloudKd, a utility to analyze running Microsoft Hyper-V virtual machines. Microsoft Technical Fellow Mark Russinovich highlighted it on his blog before introducing a similar feature in one of Microsoft's tools. Russinovich also said "We were so impressed that we invited Matthieu to speak about live kernel debugging and LiveCloudKd at this year’s BlueHat Security Briefings". He is also known to have discovered multiple security flaws in multiple Microsoft Windows kernel components. Suiche is a Microsoft Most Valuable Professional in Enterprise Security.

Suiche started his career as an independent security researcher by presenting his work about the Microsoft Windows hibernation file for the first time at the international conference PacSec held in Tokyo in 2007. His expertise earned him an invitation from Europol to speak at their internal High Tech Crime Experts Meeting in 2008. Between 2009 and 2010, he worked as a researcher for the Netherlands Forensic Institute in The Hague. He then founded MoonSols, a company specializing in memory forensics and incident response. Suiche was also a contributor to the Samba project during the Google Summer of Code in 2008, where he was in charge of implementing the new compression algorithms used by the networking protocols.

In 2011, Suiche founded CloudVolumes (formerly SnapVolumes), a California-based virtualization management product company where he served as Chief Scientist. The company was acquired by VMware in 2014. In 2016, Suiche founded Comae, a UAE-based cybersecurity company that specializes in cloud-based memory analysis used to recover evidence from the volatile memory of devices. The company was acquired by Magnet Forensics in 2022.


Conferences

Suiche has also been a frequent speaker at various computer security conferences such as Black Hat Briefings, Microsoft Blue Hat Hacker Conference, Shakacon, Hackito Ergo Sum, Europol High Tech Crime Experts Meeting, CanSecWest, PacSec, Hack In The Box and SyScan. He is on the board of the Program Committee of the Shakacon security conference, and is one of the founders of the Hackito Ergo Sum security conference in Paris.


The Shadow Brokers

The Shadow Brokers is a hacker group who first appeared in the summer of 2016. They published several leaks containing hacking tools, including several zero-day exploits, from the "Equation Group", who are widely suspected to be a branch of the National Security Agency (NSA) of the United States. Suiche spoke about The Shadow Brokers’ saga at Black Hat, the large Vegas-based cybersecurity conference, and after his presentation TSB posted a public message stating “Hello Matt Suiche, The ShadowBrokers is sorry TheShadowBrokers is missing you at theblackhats or maybe not.” Suiche, along with James Bamford, speculated that an insider, "possibly someone assigned to the NSA's highly sensitive Tailored Access Operations", stole the hacking tools.


Pwnie Awards 2013

In 2012, Suiche was one of the security researchers (along with several other well-known security researchers) who submitted a bogus article entitled "Nmap: The Internet Considered Harmful - DARPA Inference Checking Kludge Scanning" to Hakin9 Information Security Magazine. This article has been used as social proof to demonstrate the lack of relevance and expertise of certain media dedicated to information security, and also to criticize spamming techniques used by media in order to generate quantity-oriented data rather than quality-oriented information. The following year, this article resulted in the 2013 Pwnie Award in the "Most Epic FAIL" category being attributed to Hakin9.


Awards and recognition

* 2009-2015, Microsoft Most Valuable Professional.
* 2014, One of the 100 top key developers in France.


Bibliography

* "Debugged! Mz/Pe: Magazine For/From Practicing Engineers" by Dmitry Vostokov, Matthieu Suiche and Roberto Alexis Farah, OpenTask, 2009


See also

* Memory forensics

