The sedexp Linux malware was disclosed in a short report from Aon late last year. In my upcoming talk at Kernelcon, I will be presenting my own deep dive analysis of the malware, including finding many components that have never been publicly discussed - including loading of a self-contained, memory-only rootkit and a significant set of hooks throughout the system. Be sure to attend if you want to see a rootkit torn apart plus the latest Volatility 3 plugins for Linux rootkit analysis!
The Volatility Foundation
Software Development
A 501(c)(3) non-profit organization that maintains & promotes open source memory forensics with The Volatility Framework
About us
In 2007, the first version of The Volatility Framework was released publicly at Black Hat DC. The software was based on years of published academic research into advanced memory analysis and forensics. Until that point, digital investigations had focused on finding contraband within hard drive images. Volatility introduced people to the power of analyzing the runtime state of a system using data found in volatile storage (RAM). It provided a cross-platform, modular, extensible platform to encourage further work into this exciting area of research. A major goal of the project was to encourage collaboration, innovation, and accessibility to knowledge that had been common within offensive software communities.

Since then, memory analysis has become a critical topic to the future of digital investigations. The project is supported by one of the largest and most active communities in the forensics industry. Volatility provides a unique platform that enables cutting-edge research to be immediately transitioned into the hands of digital investigators. As a result, research built on top of Volatility has appeared at top academic conferences, and Volatility has been used on some of the most critical investigations of the past decade. It is an indispensable digital investigation tool relied upon by law enforcement, military, academia, and commercial investigators around the world.

Volatility development is supported by The Volatility Foundation, an independent 501(c)(3) non-profit organization. The Foundation was established to promote the use of Volatility and memory analysis within the forensics community; defend the project's intellectual property (trademarks, licenses, etc.) and longevity; and help advance innovative memory analysis research. The Foundation was formed to help protect the rights of developers who sacrifice their time and resources to make the world’s most advanced memory forensics platform free and open source.
- Website
- https://www.volatilityfoundation.org
- Industry
- Software Development
- Company size
- 2-10 employees
- Type
- Nonprofit
Updates
I will be speaking at BSides San Diego next Saturday. Let me know if you will be around!
On March 29th, I will be speaking at BSides San Diego on Volatility 3, including all its new features and plugins. Be sure to attend to catch a sneak peek at the new framework before the major release later this Spring! https://www.bsidessd.org/ #DFIR #infosec
I am very much looking forward to speaking at HackNWA and then attending Walmart's Sp4rkC0n the following day. Let me know if you will be around!
Friday April 11th 2025 from 8am-6pm, NWACC Shewmaker Center for Workforce Technologies in Bentonville, AR, we are pleased to bring you HackNWA Conference: Sock Puppet Tycoon - Disposable Machine, Network, Server, Client and Identity; Make frens and influence ppl. To maximize awesomeness, convenience and value, the event is the day before Sp4rkCon (Saturday April 12th 2025) - the venues are literally across the highway from each other. This year we have an improved venue, TWO tracks with an incredible guest speaker lineup, activities, panelists, exhibits, afterparty concert and more! Lunch will be provided and we will have a QA Panel of PWN at that time where you can ask our panelist hackers the questions you have been seeking answers for. Activities include Solder Village, Badge/Hardware Hacking, Exhibits and Challenges. We are also having a Nerdcore concert at 7:30PM after the main conference event. Register here: https://lnkd.in/grCZuNm8 I would like to thank our speakers: Andrew Case, Marina Ciavatta, Mike Debreceni, Charles Fair, Moses Frost, Robert Hawes, Andy Lewis, Tim MalcomVetter, David M., Chad Seaman, Christopher Williams. As well as last year's speakers since this is our first post on here: Jimi Allee, Michael R. Brown, Richard Clark, Danil Karandin, Rod Soto, Jonathan Voss. Conference NFO: https://lnkd.in/gFnjw3gb Afterparty Concert: https://lnkd.in/gzwinUsN #cyber #security #infosec #hacking #conference #Sp4rkCon #Bentonville
I will be speaking at Kernelcon on Friday, April 3rd. The presentation will cover previously-unreported features of the sedexp Linux malware found in the wild - including loading of a memory-only rootkit! The presentation will showcase how the rootkit was discovered during our research and how to analyze it with Volatility 3. Be sure to attend! https://lnkd.in/gR_-Ncpk
The 2005 DFRWS Windows memory forensics challenge spawned a generation of DFIR researchers, and the 2008 Linux memory forensics challenge is what led me to get involved with The Volatility Foundation. The 25th anniversary event will be held in Chicago this summer and promises to be an incredible time https://lnkd.in/gySjZsVk
As seen in this guidance from National Cyber Security Centre published today, memory forensics continues to play a critical role in modern digital investigations! After almost 20 years, it's encouraging to still see the need for the amazing work by the #Volatility contributors!
The UK and international allies have today issued new guidelines to help manufacturers of edge devices – like routers, smart appliances, and IoT devices – make their products more secure and easier to investigate after a cyber attack. With edge devices increasingly targeted by sophisticated hackers, the new guidance urges manufacturers to include standard logging and forensic features by default, helping defenders detect threats and investigate breaches more effectively. Read more: https://lnkd.in/gp5mGKR6
On Thursday, Feb 6, Andrew Case will be at Wild West Hackin' Fest to present "Effectively Detecting Modern Code Injection Techniques with Volatility 3". See the full conference agenda here: https://lnkd.in/gm4BN3xc. #dfir #memoryforensics #Volatility3 The Volatility Foundation
Volatility New Release: #volatility3 v2.11.0 - visit https://lnkd.in/eqs3s7dD for details and downloads. #memoryforensics #dfir
The 2024 #Volatility #PluginContest ends tomorrow! Don't miss the chance to gain visibility for your work, contribute to an important open source project + win cash prizes! Submission details are here: https://lnkd.in/edXdvJ2A #dfir #memoryforensics