PaulDotCom mailing list archives

Week 2 of the Month of Volatility Plugins is now posted

From: Andrew Case <atcuno () gmail com>
Date: Fri, 21 Sep 2012 10:04:03 -0500

Hello All,

I am writing to announce that week 2 of the Month of Volatility
Plugins is finished, and we now have five more in-depth blog posts
covering Windows and Linux internals and rootkit detection.

Post 1: Atoms (The New Mutex), Classes and DLL Injection

This Windows-focused post covers investigating malware and
understanding infections by analyzing the atom tables.

http://volatility-labs.blogspot.com/2012/09/movp-21-atoms-new-mutex-classes-and-dll.html

Post 2: Malware in your Windows

This Windows-focused post covers enumerating and analyzing windows in
the GUI subsystem.

http://volatility-labs.blogspot.com/2012/09/movp-22-malware-in-your-windows.html

Post 3: Event logs and Service SIDs

This Windows-focused post demonstrates recovering event logs from
memory and calculating service SIDs.

http://volatility-labs.blogspot.com/2012/09/movp-23-event-logs-and-service-sids.html

Post 4: Analyzing the Jynx rootkit and LD_PRELOAD

This Linux-focused post covers analyzing the Jynx rootkit as well as
generic methods for analyzing LD_PRELOAD-based rootkits.

http://volatility-labs.blogspot.com/2012/09/movp-24-analyzing-jynx-rootkit-and.html

Post 5: Investigating In-Memory Network Data with Volatility

This Linux-focused post goes through each of the Linux Volatility
plugins related to recovering network data from memory, such as
network connections, packets, and the routing cache.

http://volatility-labs.blogspot.com/2012/09/movp-25-investigating-in-memory-network.html

If you have any questions or comments on the posts, either leave a
comment on the respective post or be brave and reply to the list ;)

We will continue our daily blog posts, Monday through Friday, for the
next two weeks, so check back often if you have enjoyed these.

Thanks,
Andrew
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com