Post 1: Detecting Malware with GDI Timers and Callbacks
This post covers analyzing malware samples that use timer callbacks to schedule actions.
http://volatility-labs.blogspot.com/2012/10/movp-41-detecting-malware-with-gdi.html
Post 2: Taking Screenshots from Memory Dumps
This post covers the data structures and algorithms required to recreate the state of the screen (a screenshot) at the time of the memory capture.
http://volatility-labs.blogspot.com/2012/10/movp-43-taking-screenshots-from-memory.html
Post 3: Recovering Master Boot Records (MBRs) from Memory
This post covers recovering the MBR from memory and detecting bootkits.
http://volatility-labs.blogspot.com/2012/10/movp-43-recovering-master-boot-records.html
Post 4: Cache Rules Everything Around Me(mory)
This post covers a new plugin that can recover intact files from the Windows Cache Manager.
http://volatility-labs.blogspot.com/2012/10/movp-44-cache-rules-everything-around.html
Post 5: Phalanx 2 Revealed: Using Volatility to Analyze an Advanced Linux Rootkit
This post covers analyzing the Phalanx 2 rootkit with Volatility and other reversing tools.
http://volatility-labs.blogspot.com/2012/10/phalanx-2-revealed-using-volatility-to.html
This concludes the month of Volatility, but do not fret, we have already posted a number of other non-MOVP posts and more are coming ;)