Guest Post: Martin Korman (VolatilityBot – An Automated Malicious Code Dumper)

This is a guest post from Martin Korman, author of VolatilityBot.

Lately, I’ve found myself manually unpacking different versions of the same malware in order to perform static analysis with IDA and BinDiff. Therefore, I’ve decided to write a small s…

PlugX: Memory Forensics Lifecycle with Volatility

At OSDFCon last week, we discussed a case study showing how we identified manipulated memory artifacts in an infected environment. We were then able to rapidly introduce new capabilities to Volatility that could be used proactively in other environment…

Results from the 2015 Volatility Plugin Contest are in!

The competition this year was fierce! We received 12 plugins to the contest. Similar to last year, ranking the submissions was one of the hardest things we’ve had to do. Each plugin is unique in its own way and introduces a capability to open sourc…

Recovering TeamViewer (and other) Credentials from RAM with EditBox

I recently stumbled upon the TeamViewer-dumper-in-CPP project, which shows just how easy it is to recover TeamViewer IDs, passwords, and account information from a running TV instance by enumerating child windows (on a live machine). The method is based on sending a WM_GETTEXT message to the TV GUI controls that contain the credentials. In particular, we’re looking for the two fields under the "…
