
SANS ISC: More new volatility plugins SANS ISC InfoSec Forums

More new volatility plugins

If you follow our diary at all, you know by now that I am a big fan of volatility for doing analysis of memory images. I use it quite a bit in my automated malware analysis environment.* Well, our friend Michael Hale Ligh, who brought us the excellent malfind plugin, has released another great plugin, the usermode_hook plugin. Read his writeup; it is well worth the time.

*Shameless plug: Come to SANSFIRE in Baltimore next month and meet many of the handlers. I'll be talking about my automated environment, including how I currently use volatility and some of what I still want to do with it.


Jim

ISC Handler
May 28th 2009
