Brian Caswell Jun 10
Released an x86_64 userland volatile memory acquisition tool for Linux today.
Ali Hadi Jun 19
Also, if you acquire Linux memory using Microsoft AVML, do not use the "--compress" switch, because it will not be able to find a suitable address space, since the image is compressed.
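Ali Hadi's warning above concerns AVML's compressed output, which looks like a LiME image but cannot be walked as one. As an added example (my own Python, not part of the tweet, AVML or Volatility), the following walks the LiME range headers of an image and stops as soon as it meets a range whose header version marks it as compressed, so the check runs before a long Volatility session fails with "no suitable address space". The version-2 marker for AVML's compressed ranges is my reading of AVML's source and is stated as an assumption in the code; the sample images are constructed, not real acquisitions.

```python
import struct

LIME_MAGIC = 0x4C694D45                 # "LiME" as a little-endian u32
LIME_HEADER = struct.Struct("<IIQQ8s")  # magic, version, s_addr, e_addr, reserved
LIME_VERSION_RAW = 1
# Assumption: AVML writes version 2 in the same 32-byte LiME header for a range
# whose body is snappy-compressed (--compress). Verify against your AVML build.
AVML_VERSION_COMPRESSED = 2


def walk_lime(image: bytes):
    """Walk the LiME range headers of `image`.

    Returns (status, ranges): status is "raw", "compressed" or "invalid";
    ranges lists (s_addr, e_addr, data_offset) for the raw ranges read before
    stopping. Walking stops at the first compressed range because its body
    length cannot be derived from the header alone.
    """
    ranges = []
    off = 0
    while off + LIME_HEADER.size <= len(image):
        magic, version, s_addr, e_addr, _reserved = LIME_HEADER.unpack_from(image, off)
        if magic != LIME_MAGIC or e_addr < s_addr:
            return "invalid", ranges
        if version == AVML_VERSION_COMPRESSED:
            return "compressed", ranges
        if version != LIME_VERSION_RAW:
            return "invalid", ranges
        data_off = off + LIME_HEADER.size
        length = e_addr - s_addr + 1        # LiME end addresses are inclusive
        if data_off + length > len(image):
            return "invalid", ranges        # truncated acquisition
        ranges.append((s_addr, e_addr, data_off))
        off = data_off + length
    return "raw", ranges


def lime_range(version: int, s_addr: int, data: bytes) -> bytes:
    """Build one LiME range (header + body); used only to construct test images."""
    hdr = LIME_HEADER.pack(LIME_MAGIC, version, s_addr, s_addr + len(data) - 1, b"\0" * 8)
    return hdr + data


# Constructed sample images (not real acquisitions): two physical ranges with a
# hole between them, once as plain LiME and once with the compressed marker.
RAW_IMAGE = lime_range(1, 0x1000, b"A" * 0x100) + lime_range(1, 0x100000, b"B" * 0x40)
COMPRESSED_IMAGE = lime_range(2, 0x1000, b"\x00" * 16)   # body content irrelevant here


def check_image(image: bytes) -> str:
    """One-line verdict a triage script can print before handing the file to Volatility."""
    status, ranges = walk_lime(image)
    if status == "compressed":
        return "compressed: re-acquire without --compress or convert before analysis"
    if status == "invalid":
        return "invalid or truncated LiME image"
    return f"raw LiME image, {len(ranges)} range(s)"


if __name__ == "__main__":
    for name, img in (("RAW_IMAGE", RAW_IMAGE), ("COMPRESSED_IMAGE", COMPRESSED_IMAGE)):
        print(name, "->", check_image(img))
```

On a real file, read the first few kilobytes only: the verdict is decided by the first header, and walking every range of a multi-gigabyte image is unnecessary for the compressed check.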
Mate Malice Mar 18
Big thanks to all the organisers, sponsors & volunteers @ - it was a great event and the incident response challenge organised by the Aust Cyber Security Centre highlighted the importance of to & !
Matt Suiche Aug 5
Raw memory dumps are really garbage. Prioritize formats like Microsoft crash dumps or ELF core dumps if you have the choice. Whoever says or teaches you raw dumps are the best doesn't know what he is talking about.
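Matt Suiche's point is that a structured format carries the physical memory layout that a raw dump throws away: a raw file is one flat run of bytes, so holes in physical memory (MMIO, reserved ranges) are either zero-padded or silently collapsed, while an ELF core records each backed range in a PT_LOAD program header with its physical address and file offset. As an added illustration (my own Python, not code from the tweet or from any tool named on this page), the following builds a constructed ELF64 core with two PT_LOAD segments around a physical hole and resolves physical addresses through the program headers; the segment layout and note contents are invented test data.

```python
import struct

ELF_MAGIC = b"\x7fELF"
ELFCLASS64, ELFDATA2LSB, ET_CORE, EM_X86_64 = 2, 1, 4, 0x3E
PT_LOAD, PT_NOTE = 1, 4

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")   # 64-byte ELF64 header
PHDR = struct.Struct("<IIQQQQQQ")            # 56-byte ELF64 program header


def parse_core_loads(core: bytes):
    """Return [(paddr, filesz, memsz, file_offset)] for every PT_LOAD in an
    ELF64 little-endian core file; raises ValueError on anything else."""
    if len(core) < EHDR.size:
        raise ValueError("short ELF header")
    (ident, e_type, _machine, _ver, _entry, e_phoff, _shoff, _flags,
     _ehsize, e_phentsize, e_phnum, _shentsize, _shnum, _shstrndx) = EHDR.unpack_from(core)
    if ident[:4] != ELF_MAGIC or ident[4] != ELFCLASS64 or ident[5] != ELFDATA2LSB:
        raise ValueError("not an ELF64 little-endian file")
    if e_type != ET_CORE:
        raise ValueError("not an ET_CORE file")
    if e_phentsize != PHDR.size:
        raise ValueError("unexpected program header size")
    loads = []
    for i in range(e_phnum):
        off = e_phoff + i * PHDR.size
        if off + PHDR.size > len(core):
            raise ValueError("program header table truncated")
        p_type, _pflags, p_offset, _vaddr, p_paddr, p_filesz, p_memsz, _align = PHDR.unpack_from(core, off)
        if p_type == PT_LOAD:
            loads.append((p_paddr, p_filesz, p_memsz, p_offset))
    return loads


def paddr_to_file_offset(core: bytes, paddr: int):
    """Map a physical address to its file offset, or None when the core has no
    backing bytes for it (a hole in physical memory, or a filesz < memsz tail)."""
    for p_paddr, p_filesz, _memsz, p_offset in parse_core_loads(core):
        if p_paddr <= paddr < p_paddr + p_filesz:
            return p_offset + (paddr - p_paddr)
    return None


def build_core(segments, note=b""):
    """Build a minimal ELF64 x86-64 core from [(paddr, data)]; constructed test data only."""
    phnum = len(segments) + (1 if note else 0)
    data_off = EHDR.size + phnum * PHDR.size
    phdrs, body = b"", b""
    if note:
        phdrs += PHDR.pack(PT_NOTE, 0, data_off, 0, 0, len(note), 0, 1)
        body += note
    for paddr, data in segments:
        phdrs += PHDR.pack(PT_LOAD, 4, data_off + len(body), paddr, paddr, len(data), len(data), 0x1000)
        body += data
    ident = ELF_MAGIC + bytes([ELFCLASS64, ELFDATA2LSB, 1, 0]) + b"\0" * 8
    ehdr = EHDR.pack(ident, ET_CORE, EM_X86_64, 1, 0, EHDR.size, 0, 0,
                     EHDR.size, PHDR.size, phnum, 0, 0, 0)
    return ehdr + phdrs + body


# Constructed example: RAM at 0x1000 and at 0x100000 with an unmapped hole
# between them. A raw dump has no way to record that hole.
SAMPLE_CORE = build_core([(0x1000, b"A" * 0x100), (0x100000, b"B" * 0x40)], note=b"NOTE")

if __name__ == "__main__":
    for paddr, filesz, memsz, off in parse_core_loads(SAMPLE_CORE):
        print(f"PT_LOAD paddr={paddr:#x} filesz={filesz:#x} memsz={memsz:#x} offset={off}")
    for pa in (0x1010, 0x100000, 0x2000):
        print(f"paddr {pa:#x} -> file offset {paddr_to_file_offset(SAMPLE_CORE, pa)}")
```

The same program-header walk is what an analysis framework does when it builds its physical address space over a core; with a raw file it must instead assume offset equals physical address, which is exactly the assumption that breaks on machines with large reserved ranges.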
sudo runit-init 6 Apr 17
Nightly Thought: Suspicious Service. Host-based: mmc, sc query, PowerShell, registry hive (ImagePath/ServiceDll). a. svcscan, volshell, printkey; b. verify and compare whether the service is running; c. compare against known good binaries.
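The three steps in the tweet above (registry ImagePath/ServiceDll from printkey, running state from svcscan, comparison against known-good binaries) are easy to script once the outputs are in hand. As an added example (my own Python, not the tweet author's or Volatility's code), the following triages a constructed set of service records: it normalises ImagePath values as they appear in the SYSTEM hive, flags binaries and ServiceDlls loaded from outside the Windows directory, cross-checks the hive against svcscan in both directions, and compares hashes against a known-good baseline. The service names, paths and hash strings are invented; in practice the hashes come from hashing the files carved or extracted from the image against a clean build.

```python
import re

TRUSTED_IMAGE_ROOTS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\",
                       "c:\\program files\\", "c:\\program files (x86)\\")
SYSTEM32 = "c:\\windows\\system32\\"


def normalise_image_path(raw: str) -> str:
    """Turn an ImagePath/ServiceDll value into a comparable lower-case path:
    strip quotes and arguments, expand %SystemRoot%, drop NT prefixes."""
    p = raw.strip()
    if p.startswith('"'):
        p = p[1:].split('"', 1)[0]                    # quoted path, args follow the quote
    else:
        m = re.match(r"(.*?\.(?:exe|dll|sys))(\s|$)", p, re.IGNORECASE)
        p = m.group(1) if m else p.split(" ", 1)[0]   # unquoted: cut at the first module name
    p = re.sub(r"^\\\?\?\\", "", p)                   # \??\C:\... (driver style)
    p = re.sub(r"^\\systemroot\\", r"c:\\windows\\", p, flags=re.IGNORECASE)
    p = re.sub(r"%systemroot%", r"c:\\windows", p, flags=re.IGNORECASE)
    return p.lower()


def triage(registry_services, svcscan_services, known_good, observed):
    """Return [(service_name, finding)] for anything worth a second look."""
    findings = []
    scanned = {s["name"].lower(): s for s in svcscan_services}
    in_hive = {s["name"].lower() for s in registry_services}
    for svc in registry_services:
        name = svc["name"]
        image = normalise_image_path(svc["ImagePath"])
        if not image.startswith(TRUSTED_IMAGE_ROOTS):
            findings.append((name, f"ImagePath outside trusted roots: {image}"))
        dll = svc.get("ServiceDll")
        if dll:
            dll = normalise_image_path(dll)
            if not dll.startswith(SYSTEM32):
                findings.append((name, f"ServiceDll outside System32: {dll}"))
        for path in filter(None, (image, dll)):
            if path not in known_good:
                findings.append((name, f"no known-good hash for {path}"))
            elif observed.get(path) != known_good[path]:
                findings.append((name, f"hash mismatch for {path}"))
        if name.lower() not in scanned:
            findings.append((name, "in SYSTEM hive but not found by svcscan (stopped, or hidden from the SCM)"))
    for lname, s in scanned.items():
        if lname not in in_hive:
            findings.append((s["name"], "found by svcscan but absent from SYSTEM hive"))
    return findings


# Constructed inputs (not from a real image). REGISTRY mimics printkey output for
# HKLM\SYSTEM\CurrentControlSet\Services\<name> and its Parameters\ServiceDll;
# SVCSCAN mimics the name/state columns of volatility's svcscan.
REGISTRY = [
    {"name": "Dnscache", "ImagePath": r"%SystemRoot%\system32\svchost.exe -k NetworkService",
     "ServiceDll": r"%SystemRoot%\System32\dnsrslvr.dll"},
    {"name": "WinDefendUpd", "ImagePath": r"C:\Users\Public\Libraries\wdupd.exe"},
    {"name": "Wlan", "ImagePath": r"%SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted",
     "ServiceDll": r"C:\ProgramData\wlan\wlansvc.dll"},
    {"name": "Spooler", "ImagePath": r"%SystemRoot%\System32\spoolsv.exe"},
]
SVCSCAN = [{"name": "Dnscache", "state": "SERVICE_RUNNING"},
           {"name": "WinDefendUpd", "state": "SERVICE_RUNNING"},
           {"name": "Wlan", "state": "SERVICE_RUNNING"},
           {"name": "hiddensvc", "state": "SERVICE_RUNNING"}]
# Invented hash strings standing in for SHA-256 of the clean and observed files.
KNOWN_GOOD = {r"c:\windows\system32\svchost.exe": "sha256:aaaa",
              r"c:\windows\system32\dnsrslvr.dll": "sha256:bbbb",
              r"c:\windows\system32\spoolsv.exe": "sha256:cccc"}
OBSERVED = {r"c:\windows\system32\svchost.exe": "sha256:aaaa",
            r"c:\windows\system32\dnsrslvr.dll": "sha256:bbbb",
            r"c:\windows\system32\spoolsv.exe": "sha256:dddd"}

if __name__ == "__main__":
    for name, finding in triage(REGISTRY, SVCSCAN, KNOWN_GOOD, OBSERVED):
        print(f"{name:14s} {finding}")
```

Dnscache produces nothing, which is the point of the baseline comparison: the noise from legitimate svchost-hosted services disappears, and what remains is a user-writable ImagePath, a ServiceDll under ProgramData, a modified spoolsv.exe, and a service the SCM knows about that the hive does not.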
Barnaby Skeggs Aug 5
Looks like the release location for winpmem has changed? Didn't know there was a v3+ as I was relying on the releases page. I had issues (error: -8) extracting aff4 to raw with the mac .app, but Windows exe worked correctly.
SportsAchiever Dec 17
Got a lot on your to-do list this week? Read this article below to find out the new magic trick to making sure you remember everything!
Eguardian Global Services Dec 9
Just one week left to sign up for our training on Memory Forensics. Hurry! Reserve your seat today. Call us at +94 768 004 009
Matt Suiche Jun 24
Imagine if you had a command that acquires the memory of a remote Linux server, sends it for analysis to a platform and then provides you with data visualization. 🤯 That'd be crazy! I just successfully did that with Linux Shielded VMs
Securisec 🚀 Dec 16
"RT RT msuiche: Hyper-V research seems to be trendy now, so I decided to open-source a user-mode utility (LiveCloudKd) I wrote in 2010 for Hyper-V Virtual Machines. Thanks to gerhart_x for the recent contributions! "
Gaurav Pal Jan 27
Any Win7/10 memory dump repository for learning and detecting more with Volatility? I would prefer a malware-infected image where I can find many, many artefacts... The Win 7 image on the Volatility website does not exist
Strategic Security Aug 18
Read our educational and interesting blog: How to Inspect Process Hollowing?
SANS DFIR Aug 16
in is one month away! Register for the new boot camp with Alissa Torres & learn the latest in advanced |September 9th - September 14th|
volatility Aug 15
REMINDER: The and are open! Deadline is 1 October 2019. Cash prizes! More info here: