Diaries by Keyword: memory analysis

DateAuthorTitle

MEMORY ANALYSIS

2012-09-19Kevin ListonVolatility: 2.2 is Coming Soon
2009-07-26Jim ClausingNew Volatility plugins
2008-12-13Jim ClausingFollowup from last shift and some research to do.
2008-11-17Jim ClausingFinding stealth injected DLLs

MEMORY

2014-03-11Basil Alawi S.TaherIntroduction to Memory Analysis with Mandiant Redline
2014-03-07Tom WebbLinux Memory Dump with Rekall
2013-12-12Basil Alawi S.TaherAcquiring Memory Images with Dumpit
2013-05-23Adrien de BeaupreMoVP II
2013-01-03Bojan ZdrnjaMemory acquisition traps
2012-09-19Kevin ListonVolatility: 2.2 is Coming Soon
2012-05-07Guy BruneauiOS 5.1.1 Software Update for iPod, iPhone, iPad
2010-04-02Guy BruneauFirefox 3.6.3 fix for CVE-2010-1121 http://www.mozilla.org/security/announce/2010/mfsa2010-25.html
2009-07-26Jim ClausingNew Volatility plugins
2009-02-05Rick WannerMandiant Memoryze review, Hilighter, other Mandiant tools!
2009-01-02Rick WannerTools on my Christmas list.
2008-12-13Jim ClausingFollowup from last shift and some research to do.
2008-11-22G. N. WhitePicture Printing Kiosks & Flash Memory Devices
2008-11-17Jim ClausingFinding stealth injected DLLs

ANALYSIS

2014-04-21Daniel WesemannFinding the bleeders
2014-03-13Daniel WesemannWeb server logs containing RS=^ ?
2014-01-14Chris MohanSpamming and scanning botnets - is there something I can do to block them from my site?
2013-10-28Daniel WesemannExploit cocktail (Struts, Java, Windows) going after 3-month old vulnerabilities
2013-06-18Russ McReeVolatility rules...any questions?
2013-05-11Lenny ZeltserExtracting Digital Signatures from Signed Malware
2013-03-09Guy BruneauIPv6 Focus Month: IPv6 Encapsulation - Protocol 41
2013-02-03Lorna HutchesonIs it Really an Attack?
2013-01-08Jim ClausingCuckoo 0.5 is out and the world didn't end
2012-12-02Guy BruneauCollecting Logs from Security Devices at Home
2012-09-19Kevin ListonVolatility: 2.2 is Coming Soon
2012-09-14Lenny ZeltserAnalyzing Malicious RTF Files Using OfficeMalScanner's RTFScan
2012-06-21Russ McReeAnalysis of drive-by attack sample set
2012-06-04Lenny ZeltserDecoding Common XOR Obfuscation in Malicious Code
2012-05-23Mark BaggettIP Fragmentation Attacks
2012-03-03Jim ClausingNew automated sandbox for Android malware
2012-02-07Jim ClausingBook Review: Practical Packet Analysis, 2nd ed
2011-05-20Guy BruneauSysinternals Updates, Analyzing Stuxnet Infection with Sysinternals Tools Part 3
2011-04-14Adrien de BeaupreSysinternals updates, a new blog post, and webcast
2011-02-01Lenny ZeltserThe Importance of HTTP Headers When Investigating Malicious Sites
2010-08-09Jim ClausingFree/inexpensive tools for monitoring systems/networks
2010-07-21Adrien de Beaupreautorun.inf and .lnk Malware (NOT 'Vulnerability in Windows Shell Could Allow Remote Code Execution' 2286198)
2010-05-26Bojan ZdrnjaMalware modularization and AV detection evasion
2010-04-11Marcus SachsNetwork and process forensics toolset
2010-03-26Daniel WesemannGetting the EXE out of the RTF again
2010-02-13Lorna HutchesonNetwork Traffic Analysis in Reverse
2010-01-14Bojan ZdrnjaPDF Babushka
2010-01-07Daniel WesemannStatic analysis of malicious PDFs
2010-01-07Daniel WesemannStatic analysis of malicous PDFs (Part #2)
2009-11-25Jim ClausingUpdates to my GREM Gold scripts and a new script
2009-11-03Bojan ZdrnjaOpachki, from (and to) Russia with love
2009-09-25Lenny ZeltserCategories of Common Malware Traits
2009-07-26Jim ClausingNew Volatility plugins
2009-07-02Daniel WesemannGetting the EXE out of the RTF
2009-04-15Marcus Sachs2009 Data Breach Investigation Report
2009-03-13Bojan ZdrnjaWhen web application security, Microsoft and the AV vendors all fail
2009-02-10Bojan ZdrnjaMore tricks from Conficker and VM detection
2009-02-09Bojan ZdrnjaSome tricks from Conficker's bag
2009-01-18Daniel Wesemann3322. org
2009-01-15Bojan ZdrnjaConficker's autorun and social engineering
2009-01-07Bojan ZdrnjaAn Israeli patriot program or a trojan
2009-01-02Rick WannerTools on my Christmas list.
2008-12-13Jim ClausingFollowup from last shift and some research to do.
2008-11-17Marcus SachsNew Tool: NetWitness Investigator
2008-11-17Jim ClausingFinding stealth injected DLLs
2008-09-03Daniel WesemannStatic analysis of Shellcode - Part 2
2008-07-07Pedro BuenoBad url classification
2006-10-02Jim ClausingReader's tip of the day: ratios vs. raw counts
2006-09-18Jim ClausingLog analysis follow up
2006-09-09Jim ClausingLog Analysis tips?
2006-09-09Jim ClausingA few preliminary log analysis thoughts