We just published a new blog post that details our effort to recover
raw sockets on Windows 10+ systems.
This included reverse engineering of the Windows network stack, verification of
recovery across all operating system versions, and creation of a new
Volatility 3 plugin that automates the recovery.
https://volatility-labs.blogspot.com/2023/08/memory-forensics-r-d-illustrat…
We hope that you enjoy it!
-- The Volatility Team
We are excited to announce that our Malware and Memory Forensics
training course is headed to Amsterdam in October!
Complete details can be found on our blog post announcing the course:
https://volatility-labs.blogspot.com/2023/06/malware-and-memory-forensics-t…
This course is completely updated to cover the latest malware and
threats against Windows 10 and 11 as well as the latest versions of
Linux and Apple Silicon devices.
If you would like to see an example of the research presented in this
course, then check out our recent blog post on detecting hidden
services in Windows 10+ memory samples:
https://volatility-labs.blogspot.com/2023/03/memory-forensics-r-d-illustrat…
We hope to see many of you in October!
PS: We will be in Vegas this summer, so please let us know if you
would like to meet up with some of the developers!
-- The Volatility Team
The Computer Science department at Louisiana State University (LSU) is
currently hiring for many faculty positions related to applied cyber
security. Courses taught inside this department include reverse
engineering, malware analysis, binary exploitation, memory forensics
and other intensive courses related to incident response and offensive
security.
Ideal candidates will have significant experience with deeply
technical areas of cybersecurity. LSU was recently granted the CAE-CO
designation and is one of only 21 schools nationwide to hold it; it
is the most technical designation granted by the NSA and DHS. The
department also runs a large SFS program for cybersecurity students.
If you are interested in one of these positions, then please see the
following link. I also ask my industry contacts to please spread the
word within academic communities that you have access to:
https://lsu.wd1.myworkdayjobs.com/en-US/LSU/job/3325-Patrick-F-Taylor-Hall/…
The cybersecurity effort at LSU has strong support from the highest
levels of the school and is rapidly expanding – so now is the perfect
time to join.
PS: I am not employed by LSU, but do work very closely with the CS
department to ensure the courses are relevant to industry and rigorous
enough for students to leave with real-world, hands-on experience. If
you have questions related to the position, then please direct them to
Dr. Golden Richard at LSU: https://www.cct.lsu.edu/~golden/
Thanks,
Andrew
We just published a blog post on creating new Volatility 3 plugins to detect hidden services on Windows:
https://volatility-labs.blogspot.com/2023/03/memory-forensics-r-d-illustrat…
The post covers background on how malware abuses services, how services are tracked on a live system, and how we developed our new plugins.
Feedback and comments encouraged!
— The Volatility Team
We are excited to announce that we are resuming our in-person training course!
The first in-person course of 2023 will take place May 8–12 in Reston,
VA. We are also exploring potential venues for a Fall 2023 course in
Europe.
Full information on the course, including the many new updates being
added for 2023, can be found on our blog post here:
https://volatility-labs.blogspot.com/2023/01/the-return-of-in-person-volati…
We are really looking forward to resuming in-person training, and we
hope to see many of you in Reston. Please let us know if you have any
questions.
-- The Volatility Team
Hello All,
We are writing to gauge interest in our team resuming in-person
Malware and Memory Forensics trainings. We have not held one of these
since early 2020 but have started to receive inquiries about when they
would return. To help with our decision making, we have put together a
survey to help shape a potential in-person training in the USA in the
Fall. If you have interest in attending this course, or if you would like
to suggest alternative options, then please fill out the survey here:
https://www.memoryanalysis.net/training-2022-survey
The survey will close next Friday on April 29th.
We would like to note that our self-paced, online training will remain
in place even when in-person trainings resume.
https://volatility-labs.blogspot.com/2021/01/malware-and-memory-forensics-t…
Please let us know if you have any questions or concerns.
Also, our mailing lists were having issues so we needed to resend this
message. We apologize if you receive it multiple times.
Thanks,
The Volatility Team
The Call for Papers for the 2022 DFRWS USA conference is open!
Since 2005, DFRWS has been one of the main venues for publishing
cutting edge research and techniques related to memory forensics.
It is also a great venue to publish a peer-reviewed paper in an
academic setting that understands the value of memory forensics and
malware analysis.
If you are interested in submitting, then please see this year's CFP:
https://dfrws.org/dfrws-usa-2022-call-for-papers-is-open/
Thanks,
Andrew
We (the Volatility team) are often asked about what the memory forensics R&D process looks like, and how the abuse of an API by malware or a new code injection technique can be successfully uncovered by a Volatility plugin.
To illustrate this process, we just published a blog post that takes you from analyzing a potent target - the Skeleton Key attack of Mimikatz - through developing a new Volatility 3 plugin that can automatically detect it:
https://volatility-labs.blogspot.com/2021/10/memory-forensics-r-illustrated…
Feedback and comments are greatly appreciated.
We hope you enjoy the post!