#memoryforensics — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #memoryforensics, aggregated by home.social.
-
RE: https://infosec.exchange/@jackrhysider/116523222332876813
The latest #DarknetDiaries (Ep. 174: Pacific Rim) offers a look at state-sponsored groups targeting perimeter infrastructure & edge devices. Thanks @jackrhysider for mentioning our work!
@volexity’s detection and response efforts combined network visibility, host-based analysis, #threatintelligence & #memoryforensics, enabling us to discover these complex #0days being exploited in the wild.
Read our blog post for the original research mentioned: https://www.volexity.com/blog/2022/06/15/driftingcloud-zero-day-sophos-firewall-exploitation-and-an-insidious-breach/
-
@volexity Volcano Server & Volcano One v26.04.27 adds memory analysis for arm64 Windows, memory-only .NET assemblies, SRUM database, Linux systemd units, history & timers from RAM.
This release also adds detection of AppleScript usage, cleared Windows event logs, AV scanning of files & deployments across AWS accounts.
Contact us for more information: https://volexity.com/company/contact/
-
🎖️ The Curso Fundamentos de Forense Digital (Digital Forensics Fundamentals course) is permanently available in the virtual classroom for immediate access. 📲 WhatsApp: https://wa.me/51949304030 🌐 https://www.reydes.com/e/Curso_Fundamentos_de_Forense_Digital #memoryforensics #networkforensics #forensictools #digitalevidence #cybercrime #dfir #digitalforensics
-
🎖️ The Curso de Informática Forense (Computer Forensics course) is permanently available in the virtual classroom for immediate access. 📲 WhatsApp: https://wa.me/51949304030 🌐 https://www.reydes.com/e/Curso_de_Informatica_Forense #digitalforensics #dfir #computerforensics #memoryforensics #diskforensics #datarecovery #cybercrime
-
Memory Analysis for #Linux has always been a bit hit-or-miss. Trail of Bits has released a tool called #mquire that doesn't require debug symbols for the originating Kernel.
It also uses SQL-based queries to perform analysis, similar to #OSquery.
https://blog.trailofbits.com/2026/02/25/mquire-linux-memory-forensics-without-external-dependencies/
-
🚀 Ah yes, the modern-day alchemist's dream: extract memories faster than your grandma can forget them! 🧠🔍 GitHub's latest concoction promises to make memory forensics as breezy as a summer’s fart—assuming you can navigate the UI from 1995. ⚙️💻
https://github.com/volatilityfoundation/volatility3 #memoryforensics #GitHub #techinnovation #UXdesign #digitalalchemy #HackerNews #ngated
-
Recently, we submitted our Velociraptor plugin `Windows.Memory.Mem2Disk` to the official repository. Our plugin can detect common C2 frameworks live in RAM.
We have now published part 2 of the memory forensics blog post, explaining the technique in more detail:
https://docs.velociraptor.app/blog/2025/2025-12-22-memory-analysis-pt2/
Merry Christmas! 🎄
#C2 #velociraptor #detection #memoryforensics #DFIR #cybersecurity #infosec #pwr2
-
Update:
Our velociraptor plugin `Windows.Memory.Mem2Disk` can detect RAM injections and fileless malware.
We tested it against (among others) the C2 frameworks Sliver, Havoc and Mythic. All three were detected.
It was recently featured in a blog post by Mike Cohen:
https://docs.velociraptor.app/blog/2025/2025-11-15-memory-analysis-pt1
Stay tuned for memory analysis with velo part 2!
#C2 #detection #memoryforensics #velociraptor #DFIR #cybersecurity #infosec #pwr2
-
Awesome blogpost on how to dump shm on Linux: https://isc.sans.edu/diary/How+to+collect+memoryonly+filesystems+on+Linux+systems/32432/
-
Today we have another #DEFCONTraining Bahrain Spotlight - “A Complete Practical Approach to Malware Analysis & Threat Hunting with Memory Forensics, Endpoint Telemetry, & AI-Driven Hunting” with Monnappa K A and Sajan Shetty on November 3-4.
This 2-day intensive, hands-on training teaches the concepts, tools, and techniques required to analyze, investigate, and hunt malware by combining four powerful approaches: malware analysis, reverse engineering, memory forensics, and endpoint telemetry-based threat hunting. The course begins with the foundations of malware analysis, Windows internals, and memory forensics, before moving into advanced concepts of malware investigation and hunting adversary techniques.
What makes this training unique and future-ready is the introduction to the concept of AI-powered autonomous hunting with the Garuda Threat Hunting Framework.
Take a deeper look and register for this course today: https://training.defcon.org/collections/arab-cybersecurity-2025/products/monnappa-k-a-a-complete-practical-approach-to-malware-analysis-threat-hunting-using-memory-forensics-dctlv2025-copy
Explore the full list of offerings in Bahrain at https://training.defcon.org/collections/arab-cybersecurity-2025
#defcon #cyber #training #defconbahrain #AICS2025 #Bahrain #UAE #SaudiArabia #cybertraining #infosec #cybersecurity #cyberdefense #malwareanalysis #threathunting #memoryforensics #AI #endpointtelemetry
-
@volexity researchers will be presenting at THREE conferences in Las Vegas this August! Here’s where you can hear about some of our latest research in #memoryforensics and automated malicious script detection and de-obfuscation:
Monday, August 4: Detecting, Deobfuscating, and Preventing Obfuscated Script Execution with Tree-sitter @ BSides Las Vegas (https://bsideslv.org/talks#LBQDEB)
Wednesday, August 6: Volatility 3 @ Black Hat Arsenal (https://www.blackhat.com/us-25/arsenal/schedule/#volatility-3-44745)
Friday, August 8: Effectively Detecting Modern Malware with Volatility 3 Workshop @ DEF CON 33 (https://defcon.org/html/defcon-33/dc-33-workshops.html#content_60679)
Many members of the @volexity team will also be in Vegas, so if you’d like to meet up with our leadership, development, engineering, services, or threat intelligence teams, please reach out or complete our contact form: https://www.volexity.com/contact/meet-up-in-vegas/
-
Doing some interesting #memoryforensics on @signalapp tonight. Still would trust them with my life, and the lives of my friends, but interesting stuff in the memory.
For instance, people I haven't talked to in 3 years showed up in the memory dump with a field called "SharedGroupNames" that listed every group that both I and that individual were associated with.
Also, the "LastMessage" field was often populated with a plaintext version of the last thing the individual had messaged me.
-
@volexity Volcano Server & Volcano One v25.02.21 adds 300 new YARA rules; consistent Bash/ZSH history & sessions from Linux/macOS memory and files; and parses Linux systemd journals, macOS unified logs, and Windows USNs (search + timeline for all).
This release also extracts cmd history from Windows 24H2 RAM; and adds admin options for SAML and S3 bucket watching.
For more information about Volcano Server & Volcano One, contact us: https://volexity.com/company/contact/
-
It’s great to see NCSC drawing attention to the ongoing issues with network devices & appliances. https://www.ncsc.gov.uk/news/cyber-agencies-unveil-new-guidelines-to-secure-edge-devices-from-increasing-threat
Hopefully, vendors will heed the volatile data collection guidance: “Volatile data logging should support collection of… memory both at a kernel and individual process level.”
As reported in several of our recent blog posts, #memoryforensics of edge devices plays a critical role in helping to understand vulnerabilities and perform post-exploitation investigations: https://www.volexity.com/blog/tag/edge-device/
No ‘Ware To Hide!
-
Interested in searching for unknown malicious software? Our team in Microsoft Research is hiring. The position can be fully remote.
-
On Thursday, Feb 6, @attrc will be at @WWHackinFest to present "Effectively Detecting Modern Code Injection Techniques with Volatility 3". See the full conference agenda here: https://wildwesthackinfest.com/wild-west-hackin-fest-at-mile-high-2025/agenda-for-wwhf-mile-high-2025/. #dfir #memoryforensics #Volatility3 @volatility
-
Detected a C2 framework in RAM today with velociraptor. Dumped the process memory with velo, created a zignature with radare2.
Never thought I'd ever reach that level...
Blogpost and velo artifact incoming :blobsmile:
#velociraptor #radare2 #detection #c2 #MemoryForensics #DFIR
-
Memory mounting with MemProcFS? This changes everything...
Our Luke Davis dives into MemProcFS in our latest blog, exploring how this tool has transformed memory forensics. MemProcFS allows memory dumps to be mounted and browsed like file systems, making complex memory structures easy to analyse. 💻
Using MemProcFS, investigators can:
• Quickly analyse suspicious processes, like tracking Excel launching malicious code
• Monitor network connections tied to ransomware groups and other threats
• Explore advanced features like memory timelines and registry browsing to trace system activity and investigate security breaches 🔍
This post is a must-read for anyone delving into digital forensics or curious about memory mounting: 🔗https://www.pentestpartners.com/security-blog/mounting-memory-with-memprocfs-for-advanced-memory-forensics/
#MemoryForensics #MemProcFS #DigitalForensics #Cybersecurity #MalwareAnalysis #Infosec
-
In our latest blog, Luke Davis, Head of DFIR, explores the role of memory forensics in cyber investigations.🕵️♂️
Discover how analysing a system's RAM can uncover critical volatile data, such as running processes, encryption keys, network connections, and real-time user activity—evidence often missed by traditional disk forensics.
Learn how this approach helps detect malware, recover hidden data, and identify unauthorised access for a deeper understanding of cyber incidents.
👉 Read the full blog here: https://www.pentestpartners.com/security-blog/investigating-volatile-data-with-advanced-memory-forensics-tools-part-1/
🔜 Stay tuned for part two, where Luke dives into the innovative MemProcFS tool and how it revolutionises memory analysis.
#DFIR #MemoryForensics #DigitalForensics #CyberSecurity #IncidentResponse #ForensicTools #CyberInvestigations #InfoSec
-
@volexity Volcano Server & Volcano One v24.09.12 includes many new features:
• Adds 320 new YARA rules & IOCs for reverse shells on Linux
• Supports non-English unicode
• Extracts browser history from RAM
• Adds collected files into timelines & searches
• Parses IIS web logs, Linux syslogs, and Linux logon events
• Extends integration with MITRE ATT&CK + Splunk HEC
• Deploys collection tools to AWS EC2 and Azure VMs
• ...and much more!
For information about Volcano Server & Volcano One, contact us: https://volexity.com/company/contact/
#dfir #memoryforensics #memoryanalysis
-
Tune in NOW to hear from our own Marcus Guevara "Is Dead Memory Analysis Dead? Finding Infected Systems through Live Memory Analysis"
-
Finished day 19 yesterday but fell asleep before posting 🤣🤣. Memory forensics is definitely my. Love Volatility 2 and 3. #adventofcyber2023 #adventofcyber #z0ds3c #tryhackme #memoryforensics #cyberforensics #BlueTeam
-
@volexity Volcano Server & Volcano One v24.05.08 adds 45 new YARA rules, as well as new IOCs for out-of-tree kernel modules, hidden commands and startup scripts, and many more. This release also adds support for memory from Linux kernels 6.7+ and integrates with Windows Defender Antivirus for bulk scanning.
For more information about Volcano Server & Volcano One, contact us: https://volexity.com/company/contact/
-
@volexity Volcano Server & Volcano One v24.04.16 adds 75 new YARA rules, as well as new IOCs for hidden home folders, ncat reverse shells, system time changes, and many more. This release also recovers Linux user accounts, preserves dumped files for custom scans, and supports YARA 4.5.0 + PostgreSQL 16.
For more information about Volexity Volcano Server & Volcano One, contact us: https://volexity.com/company/contact/
-
Learn how to perform detection + triage of sophisticated malware against Windows 10+ systems using #Volatility3 from @volexity Director of Research & @volatility core developer @attrc at @bsidesseattle on April 27! Topics covered in his talk include process code injection, credential dumping, lateral movement, memory-only rootkits + anti-forensics concealment of malicious activity.
See the full conference schedule here: https://www.bsidesseattle.com/2024-schedule.html