I am excited to announce that I will be speaking at BSides Nashville on May 15th. Be sure to attend to see all the latest Volatility 3 (@volatilityfoundation.org) plugins against the most sophisticated and devastating malware from the wild!
bsidesnash.org
Memory-only malware leaves no trace on the file system and is commonly used by threat actors ranging from criminal organizations to ransomware operators to APT groups. In our Volatility 3 training, students gain deep hands on experience analyzing such threats:
memoryanalysis.net/courses-malw...
We are excited to announce the First Place winner of the 2025 #Volatility #PluginContest is:
Daniel Baier for XRFM Inspector
See the full Contest Results in our blog post: volatilityfoundation.org/the-2025-vol...
Congrats to all winners & thank you to all participants!
#DFIR #memoryforensics
@volexity.com tracks a variety of threat actors abusing Device Code & OAuth authentication workflows to phish credentials, which continue to see success due to creative social engineering. Our latest blog post details Russian threat actor UTA0355’s campaigns impersonating European security events.
@volexity.com has continued to see nation-state threat actors use AI + LLMs to assist in cyber attacks. Our recent research on a Chinese APT threat actor (UTA0388) using AI in its operation was something @stevenadair.bsky.social recently discussed with the @wsj.com.
We had a great day yesterday at #FTSCon 2025! FTSCon Week continues with @joegrand.bsky.social's Hardware Hacking Basics + #Volatility Malware & Memory Forensics training with @attrc.bsky.social, Michael Ligh + Dave Lassalle.
We would like to thank @volexity.com for sponsoring the #FTSCon 2025 Evening Reception, which will be at VUE Rooftop DC this year! If you haven’t registered for FTSCon yet, there’s still time! Registration closes Sunday Oct 12; learn more + register here: volatilityfoundation.org/from-the-sou...
The full lineup for our From the Source event is out! The event take places on October 20th in Arlington, VA. Joe Grand will keynote followed by an amazing speaker line up across two tracks. All proceeds will be donated to Connect Our Kids. volatilityfoundation.org/from-the-sou...
With Volcano, security teams can automate the entire workflow of acquisition of memory and select files to deep analysis to automated alerts that directly point to signs of memory only malware and attacker activity throughout RAM and key artifacts sources from disk.
#FTSCon Speaker Spotlight: Joe FitzPatrick (@securelyfitz.bsky.social) is presenting “Rethinking DMA Attacks with Erebus” in the MAKER track.
See the full list of speakers + event info, including how to register, here: volatilityfoundation.org/from-the-sou...
#FTSCon Speaker Spotlight: Andrew Case (@attrc.bsky.social) is presenting “Detection and Analysis of Memory-Only Linux Rootkits” in the MAKER track.
See the full list of speakers + event info, including how to register, here: volatilityfoundation.org/from-the-sou...
I am very happy to announce that @volexity.com will be well represented at @bsidesnyc.org! David McDonald will be speaking on his latest automated Powershell Deobfuscation research & I will present the latest Volatility 3 advancements against sophisticated Windows malware:
bsidesnyc.org/schedule/
The next in-person offering of our Malware and Memory Forensics Training will be held in Arlington, VA from Oct 21st-24th. This course has converted to Volatility 3, and all the material and labs are updated to cover the latest threats & analysis techniques
memoryanalysis.net/courses-malw...
The next in-person offering of our Malware and Memory Forensics Training will be held in Arlington, VA from Oct 21st-24th. This course has converted to Volatility 3, and all the material and labs are updated to cover the latest threats & analysis techniques
memoryanalysis.net/courses-malw...
We have converted the online course fully to Volatility 3 while also adding a significant amount of new materials and labs. Please see our blog post announcing this:
volatilityfoundation.org/announcing-t...
At @bsidesorl.bsky.social, David McDonald and I will be delivering a hands-on workshop on using @volatilityfoundation.org 3 to detect sophisticated, memory-only malware as seen in the wild. Sign up ASAP before it fills!
CYBERWARCON is coming!!! Registration and CFP are now open for this year's #CYBERWARCON! This year's keynote speaker will be @dmitri.silverado.org!!
We are back in Arlington, VA this year on November 19th.
www.cyberwarcon.com
If you will be at @bsideslv.org on Monday, then be sure to check out David's talk on automated detection and de-obfuscation of malicious Powershell scripts!
bsideslv.org/talks#LBQDEB
This training course will be led by Andrew Case @attrc.bsky.social, Michael Ligh & Dave Lassalle. This is a great opportunity to gain valuable knowledge about #Volatility3 + learn all about #memoryforensics from Volatility core developers! Seats are filling up quickly so don't wait!
I am *very* excited to announce that the workshop I submitted to @defcon.bsky.social along with @lsu.bsky.social PhD students, Lauren Pace and Daniel Donze, was accepted!!! We will teach you how to automatically detect and analyze the sophisticated, memory-only malware techniques used in the wild.
I am excited to announce that I will be speaking at
@hou-sec-con.bsky.social at the end of September in Houston! Be sure to check out my talk on Tuesday morning and my friend @mayahustle.bsky.social's talk on Wednesday afternoon. Full agenda at the following link:
web.cvent.com/event/9ba9c5...
Super excited to help @attrc.bsky.social teach memory forensics at a @defcon.bsky.social workshop this year!
I'll also be at @bsideslv.org earlier in the week as well so if you run into me please say hi! (And I will have cool stickers)
#LSU cyber students will teach new ways to fight malware at the world’s largest and longest-running hacking conference @defcon.bsky.social
www.lsu.edu/blog/2025/06...
#ScholarshipFirst #WBTTW @lsu.bsky.social @lsuengineering.bsky.social @attrc.bsky.social @volexity.com @volatilityfoundation.org
With Volcano for analysis and Surge Collect Pro for acquisition, you can automatically check your critical systems for signs of malware and attacker toolkits across memory and key artifact sources from disk. Contact us if you would like to schedule a virtual demo or one in person in Vegas!
I am *very* excited to announce that the workshop I submitted to @defcon.bsky.social along with @lsu.bsky.social PhD students, Lauren Pace and Daniel Donze, was accepted!!! We will teach you how to automatically detect and analyze the sophisticated, memory-only malware techniques used in the wild.
The CFP for our 2nd annual From the Source event is now open! The event includes two tracks, the first for Makers of open source DFIR tools and the second for Hunters who have performed the most interesting investigations of the last year.
volatilityfoundation.org/announcing-f...
Our highly popular and technical training, "Malware and Memory Forensics with Volatility", has been fully converted to @volatilityfoundation.org 3 and significantly updated, including many new sections and 8 new, in-depth labs. Available online & in VA in October
memoryanalysis.net/courses-malw...
I tried to strike a balance in this story between the dangers I was hearing about AI-assisted and "vibe coded" software and the hard, cold reality that there's probs no going back and this is going to be (if it isn't already) the "new normal" for huge chunks of software development.
Check it out!
