Matt Suiche

Early Career

Matthieu Suiche, widely known as Matt Suiche and by the username msuiche, began his career as an independent security researcher at a notably young age. His first major public appearance came in 2007, when he presented research on the Microsoft Windows hibernation file at PacSec, an international security conference held in Tokyo. That early work established the foundation for what would become a career closely associated with memory forensics and low-level Windows internals.

In 2008, his growing reputation earned him an invitation from Europol to speak at their internal High Tech Crime Experts Meeting. That same year, he contributed to the Samba project as part of Google Summer of Code, where he was responsible for implementing new compression algorithms used in networking protocols.

Research and Notable Work

Between 2009 and 2010, Suiche worked as a researcher at The Netherlands Forensic Institute in The Hague, further developing his expertise in digital forensics. His research contributions span Windows hibernation file analysis, Mac OS X physical memory analysis, and the discovery of multiple security flaws in Microsoft Windows kernel components.

One of his most recognized technical contributions is LiveCloudKd, a utility designed to analyze running Microsoft Hyper-V virtual machines. The tool drew the attention of Microsoft Technical Fellow Mark Russinovich, who highlighted it on his blog and later invited Suiche to speak about live kernel debugging and LiveCloudKd at Microsoft's BlueHat Security Briefings. Russinovich noted that Microsoft was sufficiently impressed by the work to develop a similar feature in one of its own tools.

Suiche holds the designation of Microsoft Most Valuable Professional in Enterprise Security, a recognition he maintained from 2009 through 2015.

Entrepreneurship

After his time at The Netherlands Forensic Institute, Suiche founded MoonSols, a company specializing in memory forensics and incident response.

In 2011, he co-founded CloudVolumes — originally named SnapVolumes — a California-based company focused on virtualization management products, where he served as Chief Scientist. VMware acquired the company in 2014.

In 2016, Suiche founded Comae, a UAE-based cybersecurity company specializing in cloud-based memory analysis for recovering evidence from the volatile memory of devices. Magnet Forensics acquired Comae in 2022.

The Shadow Brokers

Suiche became publicly involved in analysis of The Shadow Brokers, a hacker group that emerged in the summer of 2016 and published multiple leaks of hacking tools — including zero-day exploits — attributed to the "Equation Group," widely suspected to be affiliated with the NSA. After Suiche presented on The Shadow Brokers at Black Hat, the group posted a public message directed at him by name. He and journalist James Bamford speculated that the tools had been stolen by an insider, possibly someone with access to the NSA's Tailored Access Operations unit.

Community and Recognition

Suiche has been a frequent speaker at major security conferences including Black Hat Briefings, Microsoft BlueHat, CanSecWest, PacSec, Hack In The Box, SyScan, and Hackito Ergo Sum, among others. He serves on the Program Committee of the Shakacon security conference and is one of the founders of the Hackito Ergo Sum security conference in Paris.

In 2014, he was named one of the 100 top key developers in France in a report prepared for French minister Fleur Pellerin.

In 2012, Suiche was among a group of security researchers who submitted a deliberately fabricated article to Hakin9 Information Security Magazine as a demonstration of the publication's lack of editorial rigor. The stunt resulted in the 2013 Pwnie Award for "Most Epic FAIL" being awarded to Hakin9.

Suiche is also a co-author of Debugged! Mz/Pe: Magazine For/From Practicing Engineers, published by OpenTask in 2009.