#memoryanalysis — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #memoryanalysis, aggregated by home.social.
-
@volexity Volcano Server & Volcano One v26.04.27 adds memory analysis for arm64 Windows, memory-only .NET assemblies, SRUM database, Linux systemd units, history & timers from RAM.
This release also adds detection of AppleScript usage, cleared Windows event logs, AV scanning of files & deployments across AWS accounts.
Contact us for more information: https://volexity.com/company/contact/
-
Awesome blogpost on how to dump shm on Linux: https://isc.sans.edu/diary/How+to+collect+memoryonly+filesystems+on+Linux+systems/32432/
-
Hypervisors for Memory Introspection and Reverse Engineering:
https://secret.club/2025/06/02/hypervisors-for-memory-introspection-and-reverse-engineering.html
#reverseengineering #infosec #hypervisor #memoryanalysis #windows #rust
-
@volexity Volcano Server & Volcano One v25.02.21 adds 300 new YARA rules; consistent Bash/ZSH history & sessions from Linux/macOS memory and files; and parses Linux systemd journals, macOS unified logs, and Windows USNs (search + timeline for all).
This release also extracts cmd history from Windows 24H2 RAM; and adds admin options for SAML and S3 bucket watching.
For more information about Volcano Server & Volcano One, contact us: https://volexity.com/company/contact/
-
@volexity Volcano Server & Volcano One v24.09.12 includes many new features:
• Adds 320 new YARA rules & IOCs for reverse shells on Linux
• Supports non-English unicode
• Extracts browser history from RAM
• Adds collected files into timelines & searches
• Parses IIS web logs, Linux syslogs, and Linux logon events
• Extends integration with MITRE ATT&CK + Splunk HEC
• Deploys collection tools to AWS EC2 and Azure VMs
• ...and much more!
For information about Volcano Server & Volcano One, contact us: https://volexity.com/company/contact/
#dfir #memoryforensics #memoryanalysis
-
@volexity Volcano Server & Volcano One v24.05.08 adds 45 new YARA rules, as well as new IOCs for out-of-tree kernel modules, hidden commands and startup scripts, and many more. This release also adds support for memory from Linux kernels 6.7+ and integrates with Windows Defender Antivirus for bulk scanning.
For more information about Volcano Server & Volcano One, contact us: https://volexity.com/company/contact/
-
@volexity Volcano Server & Volcano One v24.04.16 adds 75 new YARA rules, as well as new IOCs for hidden home folders, ncat reverse shells, system time changes, and many more. This release also recovers Linux user accounts, preserves dumped files for custom scans, and supports YARA 4.5.0 + PostgreSQL 16.
For more information about Volexity Volcano Server & Volcano One, contact us: https://volexity.com/company/contact/
-
Learn how to perform detection + triage of sophisticated malware against Windows 10+ systems using #Volatility3 from @volexity Director of Research & @volatility core developer @attrc at @bsidesseattle on April 27! Topics covered in his talk include process code injection, credential dumping, lateral movement, memory-only rootkits + anti-forensics concealment of malicious activity.
See the full conference schedule here: https://www.bsidesseattle.com/2024-schedule.html
-
@volexity Volcano Server & Volcano One v24.03.21 adds 90 new YARA rules & new IOCs for macOS dylib injection, and expands deep binary inspection to Linux and macOS memory. This release also adds recovery of macOS user accounts, a dedicated tab for Windows scheduled tasks, and online release checks.
For more information about Volcano Server & Volcano One, contact us: https://volexity.com/company/contact/
-
@volexity Volcano Server & Volcano One v24.01.17 adds 150 new YARA rules, new IOCs for credential theft on Windows, and detection of new forms of code injection on Linux. This release also adds built-in artifact documentation, verbose details for MITRE labels, and expanded file collection templates.
For more information about Volcano Server & Volcano One, contact us: https://volexity.com/company/contact/
#dfir #memoryforensics #memoryanalysis
-
@volexity Volcano Server & Volcano One v23.11.22 adds direct cloud integrations + support for analyzing memory from Windows 23H2 & macOS Sonoma, and extends macOS persistence detection. This release also adds 50 new YARA rules & IOCs to detect Linux netfilter hooks, suspicious PE headers, Defender exclusions, netsh port proxies, and more.
For more information about Volcano Server & Volcano One, contact us: https://volexity.com/company/contact/
-
@volexity Volcano Server & Volcano One v23.09.16 adds 75 new YARA rules & IOCs to detect LNK malware, persistence via port monitors, Linux secret memory and Linux fileless malware. This release also adds alert timelines, a universal memory/disk registry API, extensive audit logs, automatic online updates, and MITRE ATT&CK integration.
For more information about Volcano Server & Volcano One, contact us: https://volexity.com/company/contact/
-
📢 New blog post alert! 📢
Check out our latest blog post "A Deep Dive into Penetration Testing of macOS Applications (Part 2)"! 🕵️♀️🖥️🔍
In this post, we discuss code signing mechanisms, code signature flags, and file and memory analysis techniques and tools. 💻🔒💡
Learn how to identify potential vulnerabilities and strengthen your macOS application security! 💪
Read the full article here: https://www.cyberark.com/resources/threat-research-blog/a-deep-dive-into-penetration-testing-of-macos-applications-part-2
#macOS #cybersecurity #pentesting #infosec #blogpost #appsecurity #hardenedruntime #entitlements #fileanalysis #memoryanalysis #securityresearch
-
@volexity Volcano Server & Volcano One v23.07.13 adds 100 new YARA rules and new IOCs to detect tampering with ETW, AMSI, Windows Defender, and the event logging system; brute force logins; redirected standard handles; and loads of modern Windows rootkit methods. This release also adds Linux kernel module scanning, the ability to group alerts by user, better visibility into MFT-resident data in memory, and new collection tools for all the latest versions of Windows, Linux, and macOS.
Contact us to learn more: https://volexity.com/company/contact/
-
@volexity Volcano Server and Volcano One v23.05.19 adds 125 new YARA rules; many new IOCs, including process ghosting; integration of Windows registry and event logs into API and timeline results; and a refactored UI/UX alert pane. This release also includes significant improvements to filtering and grouping artifacts; support for multiple API keys with expirations and activity tracking (for SOARs and custom scripts); and compatibility with Amazon Linux 2023 and PostgreSQL 15.
Contact us to learn more: https://www.volexity.com/company/contact/
-
@volexity details how to use #memoryanalysis to detect EDR-nullifying malware. This latest blog post uses the #AVBurner malware, first documented by @TrendMicro, as an example. Read more here: https://www.volexity.com/blog/2023/03/07/using-memory-analysis-to-detect-edr-nullifying-malware/
-
CW: Cross-posted from LinkedIn: Study/Learning/Classes
Since I started my #MSISE with SANS, I have taken some GREAT classes and learned so much, but THIS class is one of the top two I’ve been looking forward to the most (the other being FOR610/GREM planned for this summer)!
I am so excited to get started on #FOR508 - Advanced #IncidentResponse, #ThreatHunting, and #DigitalForensics - and prepare for my #GCFA this Spring!
Since Thanksgiving, I’ve also been working my way through a backlog of technical books I have, occasionally reference, but never dove into completely. I’m remedying that this year and made a promise to myself to sit down and read/work through my bookshelf. I can say that I’m already seeing the benefits of that effort, unlocking a few “a ha!” moments and further helping me refine my future professional plans.
When I took my first security class years ago, I immediately fell in love with the field. I knew I needed to do this with my career. I have found that feeling again in the last quarter as I spend more time studying #memoryanalysis and #reverseengineering. I took a really nontraditional path into these disciplines, and I have a lot of gaps in knowledge I’m constantly filling in, but I *love* learning this stuff.
Over 2/3 of the way through my master's… The academic end is in sight, but the learning opportunities are infinite :)
-
Volexity’s Robert Jan Mora was quoted in this article about the Bhima Koregaon case: https://www.washingtonpost.com/world/2022/12/13/stan-swamy-hacked-bhima-koregaon/. Perhaps one of the most interesting examples of a “trojan did it” scenario, the investigation shows why #memoryanalysis is critical for reconstructing the state of a compromised system.
-
On the Digital Forensics Discord server the question came up on how to create a Windows profile for Volatility 2. Quick show of hands on who would be interested in a write up. #DFIR #volatility #memoryanalysis
-
@truekonrads @kdpryor you should look into Surge. It just works: https://www.volexity.com/products-overview/surge/