AAron Walters posts a challenge to the memory forensics community: detect the “undetectable” by using Volatility to find artifacts in memory for a new Metasploit payload known to be leveraging a technique known as Reflective DLL Injection. Less than 24 hours later, Michael Hale Ligh is the first person to respond to the challenge and proves that Volatility can find hidden DLLs and other injected code blocks.
