Hypervisors for Memory Introspection and Reverse Engineering:
https://secret.club/2025/06/02/hypervisors-for-memory-introspection-and-reverse-engineering.html
#reverseengineering #infosec #hypervisor #memoryanalysis #windows #rust
@volexity Volcano Server & Volcano One v25.02.21 adds 300 new YARA rules; consistent Bash/ZSH history & sessions from Linux/macOS memory and files; and parses Linux systemd journals, macOS unified logs, and Windows USNs (search + timeline for all).
This release also extracts cmd history from Windows 24H2 RAM; and adds admin options for SAML and S3 bucket watching.
For more information about Volcano Server & Volcano One, contact us: https://volexity.com/company/contact/
@volexity Volcano Server & Volcano One v24.05.08 adds 45 new YARA rules, as well as new IOCs for out-of-tree kernel modules, hidden commands and startup scripts, and many more. This release also adds support for memory from Linux kernels 6.7+ and integrates with Windows Defender Antivirus for bulk scanning.
For more information about Volcano Server & Volcano One, contact us: https://volexity.com/company/contact/
@volexity Volcano Server & Volcano One v24.04.16 adds 75 new YARA rules, as well as new IOCs for hidden home folders, ncat reverse shells, system time changes, and many more. This release also recovers Linux user accounts, preserves dumped files for custom scans, and supports YARA 4.5.0 + PostgreSQL 16.
For more information about Volexity Volcano Server & Volcano One, contact us: https://volexity.com/company/contact/
Learn how to perform detection + triage of sophisticated malware against Windows 10+ systems using #Volatility3 from @volexity Director of Research & @volatility core developer @attrc at @bsidesseattle on April 27! Topics covered in his talk include process code injection, credential dumping, lateral movement, memory-only rootkits + anti-forensics concealment of malicious activity.
See the full conference schedule here: https://www.bsidesseattle.com/2024-schedule.html
@volexity Volcano Server & Volcano One v24.03.21 adds 90 new YARA rules & new IOCs for macOS dylib injection, and expands deep binary inspection to Linux and macOS memory. This release also adds recovery of macOS user accounts, a dedicated tab for Windows scheduled tasks, and online release checks.
For more information about Volcano Server & Volcano One, contact us: https://volexity.com/company/contact/
@volexity Volcano Server & Volcano One v24.01.17 adds 150 new YARA rules, new IOCs for credential theft on Windows, and detection of new forms of code injection on Linux. This release also adds built-in artifact documentation, verbose details for MITRE labels, and expanded file collection templates.
For more information about Volcano Server & Volcano One, contact us: https://volexity.com/company/contact/
#dfir #memoryforensics #memoryanalysis