Investigating Malware Using Memory Forensics - A Practical Approach
Vložit
- čas přidán 25. 07. 2024
- This presentation mainly focuses on the practical concept of memory forensics and shows how to use memory forensics to detect, investigate and understand the capabilities of malicious software. In addition to that, with the help of various demonstrations, the presentation also covers various tricks and techniques used by the malware including some of the stealth and evasive capabilities.
By Monnappa K A
Full Abstract & Presentation Materials: www.blackhat.com/asia-19/brie...
You made memory forensics so easy to understand for a newbie like me. I’m now more interested in practicing forensics. Hats off to to you sir Monnappa!
you are a role model in cyber security sir.
One of the best presentations that I ever attended. I feel I learned at each and every second of the presentation. Very engaging talk. The experience and the expertise of Monnappa on Volatility framework is incredible. Great work. :)
By far, one of the best videos in terms of understanding the processes used and the different commands with Volatility. Will be watching again so I can practise on my own examples with Volatility3.
Thank you very much Monnappa for this excellent presentation and perfect demonstration.
This absolutely blew my mind. So detailed and well explained. Thank you Monnappa!
Amazing presentation with TONS of invaluable information, all in a very concise manner. TY!
I love to follow ur videos your videos teaches me a lot.
Thank you so much.
wow, extraordinary presentation, can I request to get the discussed memory dumps for practicing? please
Danke für die Präsentation. Habe super viel gelernt was ich nun auf der Arbeit umsetzten kann ❤️
What a voice sir, it is so clear and your approach to each objective is definitely whelming. Thank you for such a great demonstration, felt like learnt and dealt with my investigation. Tahnk you once again.
An Awesome tool for Memory Forensics and a very detailed presentation!!
Glad this is an open-source tool.
Man thanks, I had to do incident response for my threat hunt class. I was so lost but this cleared up a bunch.
Best memory forensics presentation ever! Thank you sir!
Very detailed presentation. Thank you for sharing
This is an awesome informative presentation. Thank you 😊
Wow 👏 thank you so much for this session 🙌
Awesome and great explanation.
Really very nice explanation..I am getting 60 %clarity on memory analysis
Best learning session, thank you
very nice.. thank you for delivering great talk.
Thanks CZcams for recommending this video
You are the best... 👍
Good work Sir.
Good one
Please provide full video..
It's very useful
So beautiful!!!!
Brilliant, nothing to say more
Nice presentation.
volatility rulez. This is all one may need for malware analysis.
Awesome book bro 💪👊👌 read it 😍🥰
Very Nice...
awesome !!!!nice training
I’m now more interested in practicing forensics, can you share the memory dump
i tried to recover a packed malware from memory knowing its PID using procdump but it recovered me packed exe . Can't i recover it unpacked ?
i really liked this presentation; very informative and, indeed, practical. I'm sure I'm not alone in my disappointment for what defcon and black hat have become. What's more; the infosec industry in the east seems much less superficial and sexy, which is why the best presentations come from people who live outside the US, Canada, Western Europe. Feels like that, anyway.
Is it possible to get the sample you are analyzing ?
Hi sir, I'm doing a project on "Primary Memory Analysis". I have a question how can I undergo the live memory forensic, in which computer system I need to undergo, can I do on my personal laptop and what are the programs I need to run or do I need to download memory dump from the Internet containing malware? Could you plz advice.
how to do memory forensics in Routers
can u provide the file link
How to do analysis on infected Android mobile
i want one sample .vmem file
Vmem is a memory dump from a VMware machine. Easiest and cleanest way to obtain it is to snapshot an infected VM and look for this file on the folder the VM is at. You can then run volatility on it without the need to converting it to a raw dump
The dizzying array of tools and techniques... it's mindboggling.
Don't we all agree that the root cause of all these issues is... Windows? Ditch that shit OS.
nice very informative! could be alot better tho!
Gulp!
wkwkwk server C2 nya di undip