Volexity 

@volexity@infosec.exchange
641 Followers
6 Following
132 Posts
A security firm providing Incident Response, Proactive Threat Assessments, Trusted Advisory, and Threat Intelligence
Website: https://www.volexity.com
Blog: https://www.volexity.com/blog
Twitter: https://twitter.com/Volexity
LinkedIn: https://www.linkedin.com/company/volexity

@volexity Volcano Server & Volcano One v25.06.12 adds ~600 new YARA rules, new IOCs for fake registered antivirus & hooked Linux kernel functions, as well as support for custom post-processing bash scripts, segmented directory watching & database optimization.

Contact us for more information about Volcano Server & Volcano One: https://volexity.com/company/contact/.

The Call for Presentations for From the Source 2025 is open! Our Makers Track is aimed at developers of open source DFIR tools and the Hunters track covers the best Threat Intel research of the past year. 

See the full details in our blog post: https://volatilityfoundation.org/announcing-ftscon-2025-in-person-malware-and-memory-forensics-training/

https://infosec.exchange/@volatility/114558453631998949

We are excited to announce FTSCon 2025 on October 20, 2025, in Arlington VA! Registration is now OPEN + we have a Call for Speakers.

Following FTSCon will be a 4-day, in-person Malware & Memory Forensics Training course with Volatility 3.

See the full details in our blog post here: https://volatilityfoundation.org/announcing-ftscon-2025-in-person-malware-and-memory-forensics-training/

Congratulations to all of the Volatility contributors - this was no small feat! We are proud to be a sustaining sponsor of this important open-source project that remains the world’s most widely used memory forensics platform. #dfir

https://infosec.exchange/@volatility/114518094757806134

volatility (@volatility@infosec.exchange)

We are very excited to announce that Volatility 3 has reached parity with Volatility 2! With this achievement, Volatility 2 is now deprecated. See the full details in our blog post: https://volatilityfoundation.org/announcing-the-official-parity-release-of-volatility-3/

Announcing the Official Parity Release of Volatility 3!

New on the @volexity Blog: Multiple Russian threat actors are leveraging Signal, WhatsApp, and a compromised Ukrainian government email address to impersonate EU officials. This latest round of phishing attacks abuses first-party Microsoft Entra apps and OAuth to compromise targets.

https://www.volexity.com/blog/2025/04/22/phishing-for-codes-russian-threat-actors-target-microsoft-365-oauth-workflows

#dfir #threatintel

Phishing for Codes: Russian Threat Actors Target Microsoft 365 OAuth Workflows

Since early March 2025, Volexity has observed multiple suspected Russian threat actors conducting highly targeted social engineering operations aimed at gaining access to the Microsoft 365 (M365) accounts of targeted individuals. This activity comes on the heels of attacks Volexity reported on back in February 2025, where Russian threat actors were discovered targeting users and organizations through Device Code Authentication phishing...

In the course of its investigations, @volexity frequently encounters malware samples written in Golang. This reflects the increase in popularity of Golang generally, and presents challenges to reverse engineering tools.
 
Today, @volexity is releasing GoResolver, open-source tooling to help reverse engineers understand obfuscated samples. @r00tbsd & Killian Raimbaud presented details at INCYBER Forum earlier today.
 
GoResolver uses control-flow graph similarity to identify library code in obfuscated code, leaving analysts with only malware functions to analyze. This saves time & speeds up investigations!
 
Check out the blog post on how GoResolver works and where to download it: https://www.volexity.com/blog/2025/04/01/goresolver-using-control-flow-graph-similarity-to-deobfuscate-golang-binaries-automatically/
 
#dfir #reversing #malwareanalysis
GoResolver: Using Control-flow Graph Similarity to Deobfuscate Golang Binaries, Automatically

In the course of its investigations, Volexity frequently encounters malware samples written in Golang. Binaries written in Golang are often challenging to analyze because of the embedded libraries and the sheer size of the resulting binaries. This issue is amplified when samples are obfuscated using tools such as Garble, an open-source Golang obfuscation tool. The popularity of Golang amongst malware developers, and the use of obfuscators to make reverse-engineering harder, raised the need for better tooling to assist in reverse-engineering efforts. Volexity developed GoResolver, an open-source tool...


The 2024 @volatility #PluginContest review is complete! We received 6 submissions from 6 countries for 7 #Volatility3 plugins, a Linux profile generation tool & 9 supporting utilities!

We are excited to announce that the @volatility #PluginContest First Place winner is:

Valentin Obst for btf2json

Read the full Contest Results:
https://volatilityfoundation.org/the-2024-volatility-plugin-contest-results-are-in

Congrats to all winners & thank you to all participants! 

#DFIR #memoryforensics

The 2024 Volatility Plugin Contest results are in!

Results from the 12th Annual Volatility Plugin Contest are in! We received 6 submissions, from 6 different countries, that included 7 plugins, a Linux profile generation tool, and 9 supporti…


@volexity regularly assists customers in combatting advanced threat actors, and we enjoy being able to assist our partners as well, including law enforcement & federal agencies like US Department of Justice, as we work together to combat these advanced cyber threats.

https://www.justice.gov/opa/pr/justice-department-charges-12-chinese-contract-hackers-and-law-enforcement-officers-global

#dfir #threatintel

Justice Department Charges 12 Chinese Contract Hackers and Law Enforcement Officers in Global Computer Intrusion Campaigns

The Justice Department, FBI, Naval Criminal Investigative Service, and Departments of State and the Treasury announced today their coordinated efforts to disrupt and deter the malicious cyber activities of 12 Chinese nationals, including two officers of the People’s Republic of China’s (PRC) Ministry of Public Security (MPS), employees of an ostensibly private PRC company,

@volexity Volcano Server & Volcano One v25.02.21 adds 300 new YARA rules; consistent Bash/ZSH history & sessions from Linux/macOS memory and files; and parses Linux systemd journals, macOS unified logs, and Windows USNs (search + timeline for all).

This release also extracts cmd history from Windows 24H2 RAM; and adds admin options for SAML and S3 bucket watching. 

For more information about Volcano Server & Volcano One, contact us: https://volexity.com/company/contact/

#dfir #memoryforensics #memoryanalysis
