@volexity.com tracks a variety of threat actors abusing Device Code & OAuth authentication workflows to phish credentials, which continue to see success due to creative social engineering. Our latest blog post details Russian threat actor UTA0355’s campaigns impersonating European security events.
Posts by Sean Koessel
@stevenadair.bsky.social is back again!
Founder + President of Volexity leading a team of experts that deal w/ complex cyber intrusions from nation-state level intruders. His talk will cover a Chinese APT actor that Volexity tracks as UTA0388.
Check out the official agenda:
cyberwarcon.com
APT meets GPT: @volexity.com #threatintel is tracking #threatactor UTA0388's spear phishing campaigns against targets in North America, Europe & Asia, appearing to use LLMs to assist their ops. Letting #AI run your espionage operations? What could go wrong?
#FTSCon Speaker Spotlight: Juan Andrés Guerrero-Saade is presenting “From Threat Hunting to Threat Gathering” in the HUNTER track.
See the full list of speakers + event info, including how to register, here: volatilityfoundation.org/from-the-sou...
We are excited to announce that we are hosting a second training course for #FTSCon week! Join @joegrand.bsky.social as he leads his popular 2-day Hardware Hacking Basics course on Oct. 21-22 in Arlington VA! Registration is now OPEN!
The Call For Speakers for #FTSCon closes tomorrow! Make sure to submit your talks before the deadline! This is a great opportunity to share your DFIR open source tools and investigation tales with leading experts in the field.
@Volexity.com Volcano Server & Volcano One v25.06.12 adds ~600 new YARA rules, new IOCs for fake registered antivirus & hooked Linux kernel functions, as well as support for custom post-processing bash scripts, segmented directory watching & database optimization. [1/2]
The Call for Presentations for From the Source 2025 is open! Our Makers Track is aimed at developers of open source DFIR tools and the Hunters track covers the best Threat Intel research of the past year.
See the full details in our blog post: volatilityfoundation.org/announcing-f...
I will be showing off Volatility 3 during my talk on Wednesday afternoon at RVASec. Be sure to attend and come say hello if you will be around!
rvasec.com/rvasec-14-sp...
We are excited to announce FTSCon 2025 on October 20, 2025, in Arlington VA! Registration is now OPEN + we have a Call for Speakers.
Following FTSCon will be a 4-day Malware & Memory Forensics Training course with Volatility 3.
See the full details here: volatilityfoundation.org/announcing-f...
New research from the team: Involves clever m365 OAuth tricks + phishing via Signal and WhatsApp to compromise accounts. #dfir #threatintel
I will be speaking at @kernelcon.bsky.social on Fri, Apr 3rd. The talk will cover previously-unreported features of the sedexp Linux malware found in the wild - including loading of a memory-only rootkit! Talk will cover how the rootkit was discovered & how to analyze with @volatilityfoundation.org
@volexity.com regularly assists customers in combatting advanced threat actors, and we enjoy being able to assist our partners as well, including LE & federal agencies like US DOJ, as we work together to combat these advanced cyber threats.
www.justice.gov/opa/pr/justi...
#dfir #threatintel
@volexity.com Volcano Server & Volcano One v25.02.21 adds 300 new YARA rules; consistent Bash/ZSH history & sessions from Linux/macOS memory and files; and parses Linux systemd journals, macOS unified logs, and Windows USNs (search + timeline for all). [1/2]
#dfir #memoryforensics #memoryanalysis
One of the main takeaways: block device code authentication flow via conditional access. 2/2
#Microsoft365 #DFIR #ThreatIntel
Check out the new blog: Russian APT adopts a well-known technique of m365 device code phishing. When combined with clever lures this technique proved to be extremely successful. 1/2
As seen in this guidance from NCSC published today, memory forensics continues to play a critical role in modern digital investigations! After almost 20 years, it's encouraging to still see the need for the amazing work by the #Volatility contributors!
It’s great to see NCSC drawing attention to the ongoing issues with network devices & appliances. Hopefully vendors heed the volatile data collection guidance “Volatile data logging should support collection of… memory both at a kernel and individual process level.”
www.ncsc.gov.uk/news/cyber-a...
If you will be at @wildwesthackinfest.bsky.social next week then be sure to attend my talk!
White House officials share intel with telecom executives on alleged Chinese cyber espionage operation #SaltTyphoon www.cnn.com/2024/11/23/p...
We presented on this last month at #FTSCon (IYKYK). Steven is also presenting today @CYBERWARCON. Really excited to finally share this research publicly! It's probably one of the more crazy/interesting IR engagements we've ever worked 🤯 #DFIR #ThreatIntel
Russian spies—likely Russia's GRU intelligence agency—used a new trick to hack a victim in Washington, DC: They remotely infected another network in a building across the street, hijacked a laptop there, then breached the target organization via its Wi-Fi. www.wired.com/story/russia...
@volexity.com’s latest blog post describes in detail how a Russian APT used a new attack technique, the “Nearest Neighbor Attack”, to leverage Wi-Fi networks in close proximity to the intended target while the attacker was halfway around the world.
Read more here: www.volexity.com/blog/2024/11...