#volatility3

2025-03-28

"btf2json can generate Volatility 3 profiles from a stripped Linux kernel, i.e., without debugging information, and its System.map file."

github.com/vobst/btf2json

volatilityfoundation.org/the-2

#volatility3 #linux #dfir

2025-03-28

The 2024 @volatility #PluginContest review is complete! We received 6 submissions from 6 countries for 7 #Volatility3 plugins, a Linux profile generation tool & 9 supporting utilities!

We are excited to announce that the @volatility #PluginContest First Place winner is:

Valentin Obst for btf2json

Read the full Contest Results:
volatilityfoundation.org/the-2

Congrats to all winners & thank you to all participants! 

#DFIR #memoryforensics

Volexity volexity@infosec.exchange
2025-01-28

On Thursday, Feb 6, @attrc will be at @WWHackinFest to present "Effectively Detecting Modern Code Injection Techniques with Volatility 3". See the full conference agenda here: wildwesthackinfest.com/wild-we. 

#dfir #memoryforensics #Volatility3 @volatility

2024-09-04

And the winner is Mariano Graziano, who has won a pass to #FTSCon and a seat in the upcoming in-person Malware & Memory Forensics Training on #Volatility3! Thanks to all who shared photos as we celebrate 10 years of The #ArtOfMemoryForensics!

infosec.exchange/@volatility/1

2024-08-14

To celebrate the 10th anniversary of The #ArtOfMemoryForensics, we are giving away 1 seat at the upcoming in-person Malware & Memory Forensics Training on #Volatility3 with a pass to From The Source #FTSCon! Just post a pic of your book & tag @volatility!

For more information on the upcoming in-person Malware & Memory Forensics Training on #Volatility3 happening in Arlington VA October 22-25, 2024: events.humanitix.com/malware-a

For more information on From The Source #FTSCon, hosted by the @volatility Foundation in Arlington VA on Monday, October 21, 2024: events.humanitix.com/from-the-

The winner will be selected at random on August 31, 2024 from all posts (across Twitter/X, LinkedIn & Mastodon) that feature a pic of their copy of The #ArtOfMemoryForensics that tags @volatility.

2024-07-19

For the first time, we are hosting an in-person, public offering of our Malware & Memory Forensics Training focused solely on #Volatility3!

When & Where:
October 22–25, 2024
Arlington, VA

Read more in our latest blog post: volatilityfoundation.org/in-pe

#dfir #memoryforensics

Volexity volexity@infosec.exchange
2024-04-16

Learn how to perform detection + triage of sophisticated malware against Windows 10+ systems using #Volatility3 from @volexity Director of Research & @volatility core developer @attrc at @bsidesseattle on April 27! Topics covered in his talk include process code injection, credential dumping, lateral movement, memory-only rootkits + anti-forensics concealment of malicious activity.

See the full conference schedule here: bsidesseattle.com/2024-schedul

#dfir #memoryforensics #memoryanalysis

2024-03-15

The 2023 #Volatility #PluginContest review is complete! We received 9 submissions from 7 countries for 27 plugins, 3 translation layers & 2 supporting utilities!

And the @volatility #PluginContest First Place winner is:
Valentin Obst: BPF Memory Forensics with Volatility 3

You can read the full Contest Results here: volatilityfoundation.org/the-2

Congrats to all winners & thank you to all participants!

We are also excited to announce in-person Malware & Memory Forensics Training on #Volatility3 is coming October 2024! AND the @volatility Foundation is hosting a one-day summit in conjunction with the training!

See details in the Contest Results post: volatilityfoundation.org/the-2

#DFIR #memoryforensics

2023-08-14

New blog post – #MemoryForensics R&D Illustrated: Recovering Raw Sockets on Windows 10+. We present our recent research to modernize @volatility’s ability to detect usage of raw sockets by malicious apps + creation of a new #Volatility3 plugin: volatility-labs.blogspot.com/2

#dfir

2023-03-22

In the latest @volatility blog post, Memory Forensics R&D Illustrated: Detecting Hidden Windows Services, we walk through our R&D process to develop a new #Volatility3 plugin that automatically detects hidden services on Windows: volatility-labs.blogspot.com/2

#memoryforensics #dfir

2023-02-02

My kingdom for an unstripped kernel image!

#Volatility3 #Linux #Symbols

Jim Jones GreatBigTable
2022-12-11

I finished day 10 this morning and just completed day 11 of the challenge.

Day 11 focuses on analyzing a memory dump of a compromised machine using the tool, .

This was a very straightforward challenge, which I enjoyed. I used my extra time to play around with other options that weren't explored in the tasks of the challenge. Very worthwhile and another tool for my tool chain.
