Hi Fosforo, I'm afraid I was not clear, but thanks for the URL.
I'm looking for a suggestion of a sample NAME that had those characteristics I was
looking for.
I use malwaredomainlist too; and if I did not have a sample, I'd probably look for one
there.
I will be using a VM in the demo so it would have to run in a demo and illustrate the
crossview technique.
Mike

From: fosforo(a)gmail.com
Date: Thu, 3 May 2012 02:47:02 -0300
Subject: Re: [Vol-users] Need to pick a malware for a demo
To: dragonforen(a)hotmail.com
CC: vol-users(a)volatilityfoundation.org

have fun.
http://www.malwaredomainlist.com/mdl.php
--
[]s Fosforo
-------------------------------------------------------------
"Only the wisest and stupidest of men never change."
-Confusio
-------------------------------------------------------------
On Thu, May 3, 2012 at 1:32 AM, Mike Lambert <dragonforen(a)hotmail.com> wrote:
> I've got a memory forensics presentation coming up next week and I'd like to
> use a sample that will illustrate a crossview example.
>
> Specifically, I'd like to use an example that hides from pslist on the
> running system (don't want a DKOM example) but we can find it using
> Volatility.
> I'd like it to be something running and not a process injection sample.
>
> Does someone have a suggestion which one may provide a good illustration?
>
> Thanks,
> Mike