π™ΆπšŠπš•πš•πšŠπšπš‘πšŽπš› πŸ₯”​

1.6K Followers
84 Following
135 Posts

I like to chase rabbits 🕳🐇

I also like to automate things to make my teammates' lives easier.

Twitter: https://twitter.com/DanielGallagher

Diving back in to using Graphistry to visualize Volatility artifacts over the past few days has really sparked my desire to get back in to creating tools and infrastructure for research purposes. I still strongly feel that graph database tools are significantly underutilized in the InfoSec space.

This has also given me a desire to write some blog posts documenting my thoughts and progress as I go through building out this memory analysis concept. There is one problem though, and that is that I am a terrible blogger. I have only one published blog post and like 10 sitting in drafts...

https://medium.com/data-science/deceiving-your-mind-with-your-eyes-17c1a9bc48fb

Deceiving Your Mind With Your Eyes

Confirmation bias and the pitfalls of finding exactly what you are looking for.

Medium

These images help show what process each community is generally associated with. It is really exciting to see such distinct clustering around specific events of interest! I also want to bring in temporal associations at some point where it is possible since Graphistry has the capability of filtering on a time scale.

So those of you who have known me for a while know I have had a love affair with graph viz for a number of years now. I have always had this dream of running Volatility on a memory dump and then graphing the relationships between all of the artifacts, but I have never had the time to actually sit down and build the concept.

I have now been experimenting with Claude (begrudgingly) to get more familiar with it over the past few days and decided that my Volatility concept might be a good test of its capabilities. Man, I am telling you, I got sucked into the rabbit hole so fast that I just now remembered to hydrate...

This is the Volatility module output normalized, ingested into Neo4j, and then visualized in Graphistry. 😍 Nodes colored by Louvain community. Need to run this on a memdump of an infected machine next!
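As an added example of the "normalize, then ingest into a graph" step described in this post (this is not code from the post, nor from the Volatility, Neo4j or Graphistry projects), the block below takes constructed rows shaped like Volatility 3 `windows.pslist` JSON output, turns them into process nodes and PARENT_OF edges, emits Cypher MERGE statements for Neo4j, and groups the processes into connected components (process trees). The node/edge schema, the `<missing parent>` placeholder and the Cypher label names are this example's own choices; the Louvain colouring in the post would come from a community-detection library or the graph database, which this standalone example replaces with plain connected components.

```python
"""Normalize Volatility-style pslist rows into a property graph for Neo4j.

Added example, not the original post's pipeline. The PSLIST rows are
constructed to resemble Volatility 3 `windows.pslist` JSON output; the
graph schema (Process nodes, PARENT_OF edges) is an assumption made here.
"""
import json
from collections import defaultdict, deque

# Constructed sample rows (column names mimic windows.pslist: PID, PPID,
# ImageFileName, CreateTime). PPID 1800 is deliberately absent from the list,
# as happens when a parent has exited or is hidden.
PSLIST = [
    {"PID": 4,    "PPID": 0,    "ImageFileName": "System",         "CreateTime": "2024-01-01T10:00:00"},
    {"PID": 400,  "PPID": 4,    "ImageFileName": "smss.exe",       "CreateTime": "2024-01-01T10:00:01"},
    {"PID": 520,  "PPID": 400,  "ImageFileName": "csrss.exe",      "CreateTime": "2024-01-01T10:00:02"},
    {"PID": 600,  "PPID": 400,  "ImageFileName": "wininit.exe",    "CreateTime": "2024-01-01T10:00:03"},
    {"PID": 700,  "PPID": 600,  "ImageFileName": "services.exe",   "CreateTime": "2024-01-01T10:00:04"},
    {"PID": 1500, "PPID": 700,  "ImageFileName": "svchost.exe",    "CreateTime": "2024-01-01T10:00:05"},
    {"PID": 2200, "PPID": 1800, "ImageFileName": "explorer.exe",   "CreateTime": "2024-01-01T10:01:00"},
    {"PID": 3100, "PPID": 2200, "ImageFileName": "powershell.exe", "CreateTime": "2024-01-01T10:05:00"},
    {"PID": 3300, "PPID": 3100, "ImageFileName": "cmd.exe",        "CreateTime": "2024-01-01T10:05:10"},
]

MISSING = "<missing parent>"  # placeholder name for a PPID that has no pslist row


def normalize(rows):
    """Return (nodes, edges): nodes keyed by PID, edges as (parent_pid, child_pid)."""
    nodes = {r["PID"]: {"pid": r["PID"], "name": r["ImageFileName"],
                        "created": r["CreateTime"]} for r in rows}
    edges = []
    for r in rows:
        ppid = r["PPID"]
        if ppid == 0:            # PPID 0 marks a root (e.g. System); no edge
            continue
        if ppid not in nodes:    # keep orphaned subtrees visible as their own tree
            nodes[ppid] = {"pid": ppid, "name": MISSING, "created": None}
        edges.append((ppid, r["PID"]))
    return nodes, edges


def to_cypher(nodes, edges):
    """Emit Cypher MERGE statements (string literals quoted via json.dumps)."""
    stmts = [f'MERGE (p:Process {{pid: {n["pid"]}}}) '
             f'SET p.name = {json.dumps(n["name"])}, p.created = {json.dumps(n["created"])};'
             for n in nodes.values()]
    stmts += [f'MATCH (a:Process {{pid: {p}}}), (b:Process {{pid: {c}}}) '
              f'MERGE (a)-[:PARENT_OF]->(b);' for p, c in edges]
    return stmts


def components(nodes, edges):
    """Group PIDs into weakly connected components, i.e. whole process trees."""
    adj = defaultdict(set)
    for p, c in edges:
        adj[p].add(c)
        adj[c].add(p)
    seen, groups = set(), []
    for start in nodes:
        if start in seen:
            continue
        comp, queue = set(), deque([start])
        while queue:
            n = queue.popleft()
            if n in seen:
                continue
            seen.add(n)
            comp.add(n)
            queue.extend(adj[n] - seen)
        groups.append(frozenset(comp))
    return groups


def orphan_roots(nodes):
    """PIDs that only exist as placeholders: trees whose parent is not in pslist."""
    return sorted(pid for pid, n in nodes.items() if n["name"] == MISSING)


if __name__ == "__main__":
    nodes, edges = normalize(PSLIST)
    print("\n".join(to_cypher(nodes, edges)))
    for i, comp in enumerate(components(nodes, edges)):
        print(f"tree {i}: {sorted(comp)}")
    print("orphan roots:", orphan_roots(nodes))
```

In real use the Cypher would be sent through the Neo4j driver with parameters rather than interpolated strings; the interpolation here only keeps the example dependency-free. The orphan-root check is a small analyst aid: a subtree hanging off a PID with no pslist row is exactly the kind of cluster that stands out once the graph is coloured.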

I can now see how intelligently utilizing Claude as an assistant can be such a force multiplier. Opus 4.6 is unlike any version I have tried before and actually produces usable code.

Must... resist... submitting... PR...

I'm on the hunt to join a good team! 🔍

Seeking: Threat Intel/IR Analyst or Security Automations Engineer positions

If any of my friends or mutuals know of any opportunities, please let me know or share for reach! 🫢

GitHub - zoicware/RemoveWindowsAI: Force Remove Copilot, Recall and More in Windows 11

Force Remove Copilot, Recall and More in Windows 11 - zoicware/RemoveWindowsAI

GitHub

For any of my friends that use a Logitech mouse/keyboard on a Mac: if your app won't load and all of your settings are gone, there was a certificate that expired that borked everything. A fix has been released that you just install over the existing app, which should get it working again.

#logitech #MXmaster

https://support.logi.com/hc/en-us/articles/37493733117847-Options-and-G-HUB-macOS-Certificate-Issue

Options+ and G HUB macOS Certificate Issue

Description of the issue: A new 'patch' installer for Logitech Options+ and G HUB is now available to fix an issue that caused the apps to stop working on macOS. The problem was caused by an expired c...

Logitech Support + Download

Self-replicating Shai-hulud worm spreads token stealing malware on npm | ReversingLabs

RL researchers have detected the first self-replicating worm compromising popular npm packages with cloud token-stealing malware.

ReversingLabs