Recovering TeamViewer (and other) Credentials from RAM with EditBox
by Volatility | Aug 1, 2015 | contest, forensics, passwords, volatility, windows
I recently stumbled upon the TeamViewer-dumper-in-CPP project, which shows just how easy it is to recover TeamViewer IDs, passwords, and account information from a running TV instance by enumerating child windows (on a live machine). The method is based on sending a...
The 2015 Volatility Plugin contest is now live!
by Volatility | Jul 16, 2015 | contest, volatility, volatility foundation
This is a quick update to announce that the 2015 Volatility Plugin contest is now live and accepting submissions until October 1st. Winners of this year’s contest will be receiving over $2,000 in cash prizes as well as plenty of Volatility swag (t-shirts,...
Volatility at Black Hat USA & DFRWS 2015!
by Volatility | Jul 13, 2015 | arsenal, artofmemoryforensics, blackhat, dfrws, volatility, volatility foundation
Due to another year of open research and giving back to the open source community, Volatility will have a strong presence at both Black Hat USA and DFRWS 2015. This includes presentations, a book signing, and even a party! At Black Hat, the core Volatility Developers...
Using mprotect(.., .., PROT_NONE) on Linux
by Jamie Levy | May 15, 2015 | linux, page permissions, volatility
After deciding to revisit some old code of mine (ok, very old), I realized that there was something different about how Linux was allocating pages of data I wanted to hide. At first, I was glad that I couldn’t see the data using yarascan, but...
Windows Malware and Memory Forensics Training in the UK
by Volatility | Mar 16, 2015 | artofmemoryforensics, malware, training, volatility
Windows Malware and Memory Forensics Training by The Volatility Project is the only memory forensics course officially designed, sponsored, and taught by the Volatility developers. One of the main reasons we made Volatility open-source is to encourage and...