🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

I will be speaking at kernelcon on Fri, Apr 3rd. The talk will cover previously-unreported features of the sedexp Linux malware found in the wild - including loading of a memory-only rootkit! Talk will cover how the rootkit was discovered & how to analyze with volatility 3.

I will be speaking on volatility 3 next Saturday at BSides San Diego! Let me know if you will be around.

The sedexp Linux malware was disclosed in late 2024. In my talk at kernelcon, I will present my own deep dive of the malware, including many parts that have not been made public, such as loading of a memory-only rootkit. Be sure to attend for a tearndown with volatility 3!

The 2024 volatility #PluginContest review is complete! We received 6 submissions from 6 countries for 7 #Volatility3 plugins, a Linux profile generation tool & 9 supporting utilities! We'll highlight each #Contender then announce winners on Friday, Mar 28. #DFIR #memoryforensics

We are excited to announce that the volatility #PluginContest First Place winner is: Valentin Obst for btf2json Read the full Contest Results: volatilityfoundation.org/the-2024-volat… Congrats to all winners & thank you to all participants! #DFIR #memoryforensics

As highlighted this week, the #PluginContest demonstrates that #memoryforensics researchers continue to innovate + contribute to volatility! Special thanks to the core developers & previous winners who helped review submissions.

Today, Volexity released GoResolver, open-source tooling to assist reverse engineers with obfuscated Golang samples. Paul Rascagnères & Killian Raimbaud presented details at INCYBER Forum earlier today. Learn how GoResolver works + where to download it: volexity.com/blog/2025/04/0… #dfir

Check out this great research and new open source tool by our threat intel team!

New research from the team: Involves clever m365 OAuth tricks + phishing via Signal and WhatsApp to compromise accounts. #dfir #threatintel

We are very excited to announce that Volatility 3 has reached parity with Volatility 2! With this achievement, Volatility 2 is now deprecated. See the full details in our blog post: volatilityfoundation.org/announcing-the…

Congratulations to all of the Volatility contributors - this was no small feat! We are proud to be a sustaining sponsor of this important open-source project that remains the world’s most widely used memory forensics platform. #dfir

I will be showing off @Volatility 3 during my talk on Wednesday afternoon at RVAsec. Be sure to attend and come say hello if you will be around!

We are excited to announce FTSCon 2025 on October 20, 2025, in Arlington VA! Registration is now OPEN + we have a Call for Speakers. Following FTSCon will be a 4-day Malware & Memory Forensics Training course with Volatility 3. See the full details here: volatilityfoundation.org/announcing-fts…

The Call for Presentations for From the Source 2025 is open! Our Makers Track is aimed at developers of open source DFIR tools and the Hunters track covers the best Threat Intel research of the past year. See the full details in our blog post: volatilityfoundation.org/announcing-fts…

The Call for Presentations for From the Source 2025 is open! Our Makers Track is aimed at developers of open source DFIR tools and the Hunters track covers the best Threat Intel research of the past year. See the full details in our blog post: volatilityfoundation.org/announcing-fts…

Our highly popular and technical training, "Malware and Memory Forensics with Volatility", has been fully converted to volatility 3 and significantly updated, including many new sections and 8 new, in-depth labs. Available online and in VA in October. memoryanalysis.net/courses-malwar…

I am *very* excited to announce that the workshop I submitted to DEF CON along with LSU PhD students, Lauren Pace and Daniel Donze, was accepted!!! We will teach you how to automatically detect and analyze the sophisticated, memory-only malware techniques used in the wild.