@volexity details how to use #memoryanalysis to detect EDR-nullifying malware. This latest blog post uses the #AVBurner malware, first documented by @TrendMicro, as an example. Read more here: https://www.volexity.com/blog/2023/03/07/using-memory-analysis-to-detect-edr-nullifying-malware/
#memoryanalysis #avburner #dfir #threatintel
RT @Evild3ad79@twitter.com
MemProcFS-Analyzer v0.8 released! Updated User Interface w/ Status Bar and better OS Fingerprinting (incl. DC and Exchange). Added MUICache, BAM, Process Lineage Analysis, and much more analytics. #MemProcFS #MemoryAnalysis #DFIR
https://github.com/evild3ad/MemProcFS-Analyzer
🐦🔗: https://twitter.com/Evild3ad79/status/1617429647414775809
#memprocfs #memoryanalysis #dfir
Since I started my #MSISE with SANS, I have taken some GREAT classes and learned so much, but THIS class is one of the top two I’ve been looking forward to the most (the other being FOR610/GREM planned for this summer)!
I am so excited to get started on #FOR508 - Advanced #IncidentResponse, #ThreatHunting, and #DigitalForensics- and prepare for my #GCFA this Spring!
Since Thanksgiving, I’ve also been working my way through a backlog of technical books I have, occasionally reference, but never dove into completely. I’m remedying that this year and made a promise to myself to sit down and read/work through my bookshelf. I can say that I’m already seeing the benefits of that effort, unlocking a few “a ha!” moments and further helping me refine my future professional plans.
When I took my first security class years ago, I immediately fell in love with the field. I knew I needed to do this with my career. I have found that feeling again in the last quarter as I spend more time studying #memoryanalysis and #reverseengineering. I took a really nontraditional path into these disciplines, and I have a lot of gaps in knowledge I’m constantly filling in, but I *love* learning this stuff.
Over 2/3 of the way through my master’s…. The academic end is in sight, but the learning opportunities are infinite :)
#msise #for508 #incidentresponse #threathunting #digitalforensics #GCFA #memoryanalysis #reverseengineering
RT @msuiche@twitter.com
DumpIt is now available as a Magnet Free Tools! Tell your friends, so they stop using unofficial builds
#memoryanalysis https://twitter.com/magnetforensics/status/1613622876921380864
🐦🔗: https://twitter.com/msuiche/status/1613626039464493056
Volexity’s Robert Jan Mora was quoted in this article about the Bhima Koregaon case: https://www.washingtonpost.com/world/2022/12/13/stan-swamy-hacked-bhima-koregaon/. Perhaps one of the most interesting examples of a “trojan did it” scenario, the investigation shows why #memoryanalysis is critical for reconstructing the state of a compromised system.
On the Digital Forensics Discord server the question came up on how to create a Windows profile for Volatility 2. Quick show of hands on who would be interested in a write up. #DFIR #volatility #memoryanalysis
#dfir #volatility #memoryanalysis
@truekonrads @kdpryor you should look into Surge. It just works: https://www.volexity.com/products-overview/surge/
#dfir #memoryanalysis #linux #ram #malware