Post 1: Detecting Malware with GDI Timers and Callbacks
This post covers analyzing malware samples that use timer callbacks to schedule actions.
Post 2: Taking Screenshots from Memory Dumps
This post covers the data structures and algorithms required to recreate the state of the screen (a screenshot) at the time of the memory capture.
Post 3: Recovering Master Boot Records (MBRs) from Memory
This post covers recovering the MBR from memory and detecting bootkits.
Post 4: Cache Rules Everything Around Me(mory)
This post covers a new plugin that can recover intact files from the Windows Cache Manager.
Post 5: Phalanx 2 Revealed: Using Volatility to Analyze an Advanced Linux Rootkit
This post covers analyzing the Phalanx 2 rootkit with Volatility and other reversing tools.
This concludes the month of Volatility, but do not fret, we have already posted a number of other non-MOVP posts and more are coming ;)