#MemoryAnalysis

Volexity :verified:volexity@infosec.exchange
2025-02-26

@volexity Volcano Server & Volcano One v25.02.21 adds 300 new YARA rules; consistent Bash/ZSH history & sessions from Linux/macOS memory and files; and parses Linux systemd journals, macOS unified logs, and Windows USNs (search + timeline for all).

This release also extracts cmd history from Windows 24H2 RAM; and adds admin options for SAML and S3 bucket watching.

For more information about Volcano Server & Volcano One, contact us: volexity.com/company/contact/

#dfir #memoryforensics #memoryanalysis

An image of the blue and orange Volexity Volcano logo with a New Release banner to announce the release of Volcano Server & Volcano One v25.02.21
Volexity :verified:volexity@infosec.exchange
2024-09-18

@volexity Volcano Server & Volcano One v24.09.12 includes many new features:

• Adds 320 new YARA rules & IOCs for reverse shells on Linux
• Supports non-English unicode
• Extracts browser history from RAM
• Adds collected files into timelines & searches
• Parses IIS web logs, Linux syslogs, and Linux logon events
• Extends integration with MITRE ATT&CK + Splunk HEC
• Deploys collection tools to AWS EC2 and Azure VMs
• ...and much more!

For information about Volcano Server & Volcano One, contact us: volexity.com/company/contact/

#dfir #memoryforensics #memoryanalysis

Volexity :verified:volexity@infosec.exchange
2024-05-17

@volexity Volcano Server & Volcano One v24.05.08 adds 45 new YARA rules, as well as new IOCs for out-of-tree kernel modules, hidden commands and startup scripts, and many more. This release also adds support for memory from Linux kernels 6.7+ and integrates with Windows Defender Antivirus for bulk scanning.

For more information about Volcano Server & Volcano One, contact us: volexity.com/company/contact/

#dfir #memoryforensics #memoryanalysis

Volexity :verified:volexity@infosec.exchange
2024-04-18

@volexity Volcano Server & Volcano One v24.04.16 adds 75 new YARA rules, as well as new IOCs for hidden home folders, ncat reverse shells, system time changes, and many more. This release also recovers Linux user accounts, preserves dumped files for custom scans, and supports YARA 4.5.0 + PostgreSQL 16.

For more information about Volexity Volcano Server & Volcano One, contact us: volexity.com/company/contact/

#dfir #memoryforensics #memoryanalysis

Volexity :verified:volexity@infosec.exchange
2024-04-16

Learn how to perform detection + triage of sophisticated malware against Windows 10+ systems using #Volatility3 from @volexity Director of Research & @volatility core developer @attrc at @bsidesseattle on April 27! Topics covered in his talk include process code injection, credential dumping, lateral movement, memory-only rootkits + anti-forensics concealment of malicious activity.

See the full conference schedule here: bsidesseattle.com/2024-schedul

#dfir #memoryforensics #memoryanalysis

Volexity :verified:volexity@infosec.exchange
2024-03-27

@volexity Volcano Server & Volcano One v24.03.21 adds 90 new YARA rules & new IOCs for macOS dylib injection, and expands deep binary inspection to Linux and macOS memory. This release also adds recovery of macOS user accounts, a dedicated tab for Windows scheduled tasks, and online release checks.

For more information about Volcano Server & Volcano One, contact us: volexity.com/company/contact/

#dfir #memoryforensics #memoryanalysis

Volexity :verified:volexity@infosec.exchange
2024-01-19

@volexity Volcano Server & Volcano One v24.01.17 adds 150 new YARA rules, new IOCs for credential theft on Windows, and detection of new forms of code injection on Linux. This release also adds built-in artifact documentation, verbose details for MITRE labels, and expanded file collection templates.

For more information about Volcano Server & Volcano One, contact us: volexity.com/company/contact/

#dfir #memoryforensics #memoryanalysis

Volexity :verified:volexity@infosec.exchange
2023-11-30

@volexity Volcano Server & Volcano One v23.11.22 adds direct cloud integrations + support for analyzing memory from Windows 23H2 & macOS Sonoma, and extends macOS persistence detection. This release also adds 50 new YARA rules & IOCs to detect Linux netfilter hooks, suspicious PE headers, Defender exclusions, netsh port proxies, and more.

For more information about Volcano Server & Volcano One, contact us: volexity.com/company/contact/

#dfir #memoryforensics #memoryanalysis

Volexity :verified:volexity@infosec.exchange
2023-09-22

@volexity Volcano Server & Volcano One v23.09.16 adds 75 new YARA rules & IOCs to detect LNK malware, persistence via port monitors, Linux secret memory and Linux fileless malware. This release also adds alert timelines, a universal memory/disk registry API, extensive audit logs, automatic online updates, and MITRE ATT&CK integration.

For more information about Volcano Server & Volcano One, contact us: volexity.com/company/contact/

#dfir #memoryforensics #memoryanalysis

2023-08-23

📢 New blog post alert! 📢

Check out our latest blog post "A Deep Dive into Penetration Testing of macOS Applications (Part 2)"! 🕵️‍♀️🖥️🔍

In this post, we discuss code signing mechanisms, code signature flags, and file and memory analysis techniques and tools. 💻🔒💡

Learn how to identify potential vulnerabilities and strengthen your macOS application security! 💪

Read the full article here: cyberark.com/resources/threat-

#macOS #cybersecurity #pentesting #infosec #blogpost #appsecurity #hardenedruntime #entitlements #fileanalysis #memoryanalysis #securityresearch

Volexity :verified:volexity@infosec.exchange
2023-07-14

@volexity Volcano Server & Volcano One v23.07.13 adds 100 new YARA rules and new IOCs to detect tampering with ETW, AMSI, Windows Defender, and the event logging system; brute force logins; redirected standard handles; and loads of modern Windows rootkit methods. This release also adds Linux kernel module scanning, the ability to group alerts by user, better visibility into MFT-resident data in memory, and new collection tools for all the latest versions of Windows, Linux, and macOS.

Contact us to learn more: volexity.com/company/contact/

#dfir #memoryforensics #memoryanalysis

Volexity :verified:volexity@infosec.exchange
2023-05-24

@volexity Volcano Server and Volcano One v23.05.19 adds 125 new YARA rules; many new IOCs, including process ghosting; integration of Windows registry and event logs into API and timeline results; and a refactored UI/UX alert pane. This release also includes significant improvements to filtering and grouping artifacts; support for multiple API keys with expirations and activity tracking (for SOARs and custom scripts); and compatibility with Amazon Linux 2023 and PostgreSQL 15.

Contact us to learn more: volexity.com/company/contact/

#dfir #memoryforensics #memoryanalysis

Volexity :verified:volexity@infosec.exchange
2023-03-07

@volexity details how to use #memoryanalysis to detect EDR-nullifying malware. This latest blog post uses the #AVBurner malware, first documented by @TrendMicro, as an example. Read more here: volexity.com/blog/2023/03/07/u

#dfir #threatintel

Volexity :verified:volexity@infosec.exchange
2022-12-19

Volexity’s Robert Jan Mora was quoted in this article about the Bhima Koregaon case: washingtonpost.com/world/2022/. Perhaps one of the most interesting examples of a “trojan did it” scenario, the investigation shows why #memoryanalysis is critical for reconstructing the state of a compromised system.

Beercow :python: :verified:Beercow@infosec.exchange
2022-11-28

On the Digital Forensics Discord server the question came up on how to create a Windows profile for Volatility 2. Quick show of hands on who would be interested in a write up. #DFIR #volatility #memoryanalysis
