Michael Ligh (MHL)
@iMHLv2 CTO @Volexity. Malware Analyst's Cookbook. Art of Memory Forensics. The @Volatility Project. Thoughts are those of my employer, not mine, they made me say it.
Thank you!! This was a fun & wild case for us and happy you enjoyed the story.
Today at @CYBERWARCON we watched arguably one of the most interesting talks we've seen in a while. @stevenadair gave a nearly 1 hour presentation regarding APT28's "Nearest Neighbor Attack". In summary, because it was a long and wild story, APT28 successfully compromised one of…
.@Volexity has published a blog post detailing variants of LIGHTSPY & DEEPDATA malware discovered in the summer of 2024, including exploitation of a vulnerability in FortiClient to extract credentials from memory. Read more here: volexity.com/blog/2024/11/1… #dfir #threatintel
“In early February 2022, notably just ahead of the Russian invasion of Ukraine, Volexity made a discovery that led to one of the most fascinating and complex incident investigations Volexity had ever worked.” volexity.com/blog/2024/11/2…
.@Volexity’s latest blog post describes in detail how a Russian APT used a new attack technique, the “Nearest Neighbor Attack”, to leverage Wi-Fi networks in close proximity to the intended target, while the attacker was halfway around the world. volexity.com/blog/2024/11/2… #dfir
@stevenadair and I presented on this last month at #FTSCon (IYKYK). Steven is also presenting today @CYBERWARCON. Really excited to finally share this research publicly! It's probably one of the more crazy/interesting IR engagements we've ever worked! #DFIR #ThreatIntel
Check out the back of my new favorite @volexity shirt that I acquired at FTSCon last week! Using memory forensics to find 0days in network appliances and high value applications will never get old! #DFIR
Surge Collect Pro provides stable, secure memory and selective file acquisition across all major operating systems and cloud providers. It also supports PGP encrypted collections so only your DFIR team can access collected data. volexity.com/products-overv… #DFIR @Volexity
The whitepaper with full technical details can be found here: volexity.com/wp-content/upl…
Our talk from @defcon is now available! In the presented research, we document every EDR bypass technique used in the wild along with how to detect it using new memory forensics techniques and @volatility plugins. Feedback appreciated! youtube.com/watch?v=PmqvBe… #DFIR
The first in-person Malware & Memory Forensics Training focused solely on #Volatility3 kicked off today! #dfir #memoryforensics
For the first time, we are hosting an in-person, public offering of our Malware & Memory Forensics Training focused solely on #Volatility3! When & Where: October 22–25, 2024 Arlington, VA Read more in our latest blog post: volatilityfoundation.org/in-person-malw… #dfir #memoryforensics
Listening to @hexlogic giving a talk on Heuristically Detecting Modern #macOS #malware at From the Source #FTSCon #FTSCon2024 @volatility /@Volexity
Speaking now in the #FTSCon MAKER Track: Harlan Carvey (@HuntressLabs) is presenting “Design and Use of RegRipper 4.0” #dfir
Speaking now in the #FTSCon HUNTER Track: John Hammond (@HuntressLabs) is presenting “Malware ExtravaScamza” #dfir
Speaking now in the #FTSCon HUNTER Track: Jimmy Wylie (@DragosInc) is presenting “TRISIS to FrostyGoop: Misconceptions, Realities, and Skills in ICS Malware Analysis” #dfir
Now listening to @attrc giving a talk on Detecting and Defeating EDR Evading Malware with @volatility 3 #dfir #FTSCon #FTSCon2024 @Volexity
Now listening to @keydet89 from @HuntressLabs give a talk about the design and usage of RegRipper 😀 @volatility / @Volexity #dfir #FTSCon FTSCon2024
Speaking now in the #FTSCon HUNTER Track: Greg Lesnewich (@proofpoint) is presenting “Holding a GRUdge: Phishing Campaigns Outside the Warzone” #dfir
Speaking now in the #FTSCon MAKER Track: Andrew Case (@Volexity) is presenting “Detecting & Defeating EDR-Evading Malware with Volatility 3” #dfir
.@volatility New Release: #volatility3 v2.8.0 - visit github.com/volatilityfoun… for details and downloads. #memoryforensics #dfir