banner
LightNews
attrc.bsky.social
Andrew Case
@attrc.bsky.social
6.1K followers 1.1K following 31 posts
Volatility Core developer, Dir. of Research Volexity, LSU Cyber
Posts Media Videos Starter Packs
Reposted by Andrew Case
volatilityfoundation.org
Volatility @volatilityfoundation.org · 3d
We would like to thank @volexity.com for sponsoring the #FTSCon 2025 Evening Reception, which will be at VUE Rooftop DC this year! If you haven’t registered for FTSCon yet, there’s still time! Registration closes Sunday Oct 12; learn more + register here: volatilityfoundation.org/from-the-sou...
4 3
attrc.bsky.social
Andrew Case @attrc.bsky.social · 4d
The full lineup for our From the Source event is out! The event take places on October 20th in Arlington, VA. Joe Grand will keynote followed by an amazing speaker line up across two tracks. All proceeds will be donated to Connect Our Kids. volatilityfoundation.org/from-the-sou...
From The Source 2025
Learn Directly from the World’s Leading Digital Investigators: On Monday, October 20, 2025, the Volatility Foundation is hosting From The Source, a one-day summit, in Arlington, VA, followed by fou…
volatilityfoundation.org
3 2
attrc.bsky.social
Andrew Case @attrc.bsky.social · 7d
With Volcano, security teams can automate the entire workflow of acquisition of memory and select files to deep analysis to automated alerts that directly point to signs of memory only malware and attacker activity throughout RAM and key artifacts sources from disk.
volexity.com
Volexity @volexity.com · 9d
@volexity.com Volcano Server & Volcano One v25.09.21 adds memory analysis support for ARM64 Linux, macOS 26 (Tahoe) & Windows 25H2, plus 75+ new YARA rules, 10+ new IOCs, analysis of udev rules & rolling upgrades for managed endpoints.

For more information, contact us: volexity.com/company/cont...
The stylized blue, orange and black Volexity Volcano logo is centered, with the Volcano wordmark below it. The words “by Volexity” appear below the Volcano logo. There is a dark blue banner in the upper left with white letters that read “New Release”. The background is a faded gray abstract illustration evoking smoke.
2 3
Reposted by Andrew Case
volatilityfoundation.org
Volatility @volatilityfoundation.org · 21d
#FTSCon Speaker Spotlight: Joe FitzPatrick (@securelyfitz.bsky.social) is presenting “Rethinking DMA Attacks with Erebus” in the MAKER track.

See the full list of speakers + event info, including how to register, here: volatilityfoundation.org/from-the-sou...
5 1
Reposted by Andrew Case
volatilityfoundation.org
Volatility @volatilityfoundation.org · 21d
#FTSCon Speaker Spotlight: Andrew Case (@attrc.bsky.social) is presenting “Detection and Analysis of Memory-Only Linux Rootkits” in the MAKER track.

See the full list of speakers + event info, including how to register, here: volatilityfoundation.org/from-the-sou...
4 2
attrc.bsky.social
Andrew Case @attrc.bsky.social · Sep 8
I am very happy to announce that @volexity.com will be well represented at @bsidesnyc.org! David McDonald will be speaking on his latest automated Powershell Deobfuscation research & I will present the latest Volatility 3 advancements against sophisticated Windows malware:

bsidesnyc.org/schedule/
Event Schedule
BSides NYC is an Information / Security conference that’s different. We’re a 100% volunteer organized event put on by and for the community, and we truly strive to keep information free.
bsidesnyc.org
1 4 3
Reposted by Andrew Case
attrc.bsky.social
Andrew Case @attrc.bsky.social · Sep 3
The next in-person offering of our Malware and Memory Forensics Training will be held in Arlington, VA from Oct 21st-24th. This course has converted to Volatility 3, and all the material and labs are updated to cover the latest threats & analysis techniques

memoryanalysis.net/courses-malw...
Malware and Memory Forensics Training - Memory Analysis
Malware and memory forensics training courses offered by the Memory Analysis Team.
memoryanalysis.net
6 6
attrc.bsky.social
Andrew Case @attrc.bsky.social · Sep 3
The next in-person offering of our Malware and Memory Forensics Training will be held in Arlington, VA from Oct 21st-24th. This course has converted to Volatility 3, and all the material and labs are updated to cover the latest threats & analysis techniques

memoryanalysis.net/courses-malw...
Malware and Memory Forensics Training - Memory Analysis
Malware and memory forensics training courses offered by the Memory Analysis Team.
memoryanalysis.net
6 6
attrc.bsky.social
Andrew Case @attrc.bsky.social · Sep 3
We have converted the online course fully to Volatility 3 while also adding a significant amount of new materials and labs. Please see our blog post announcing this:

volatilityfoundation.org/announcing-t...
Announcing the Official Parity Release of Volatility 3!
Visit the post for more.
volatilityfoundation.org
1
attrc.bsky.social
Andrew Case @attrc.bsky.social · Sep 2
At @bsidesorl.bsky.social, David McDonald and I will be delivering a hands-on workshop on using @volatilityfoundation.org 3 to detect sophisticated, memory-only malware as seen in the wild. Sign up ASAP before it fills!
bsidesorl.bsky.social
BSides Orlando @bsidesorl.bsky.social · Aug 31
🧰Workshop: Defeating Modern Malware by Andrew Case
Learn hands-on memory forensics w/ Volatility 3 to detect & triage advanced malware used by APT & ransomware groups.

https://bsorl.org/workshops
1 5 7
Reposted by Andrew Case
cyberwarcon.bsky.social
CYBERWARCON @cyberwarcon.bsky.social · Aug 28
CYBERWARCON is coming!!! Registration and CFP are now open for this year's #CYBERWARCON! This year's keynote speaker will be @dmitri.silverado.org!!
We are back in Arlington, VA this year on November 19th.

www.cyberwarcon.com
CYBERWARCON
www.cyberwarcon.com
1 22 29
attrc.bsky.social
Andrew Case @attrc.bsky.social · Aug 3
If you will be at @bsideslv.org on Monday, then be sure to check out David's talk on automated detection and de-obfuscation of malicious Powershell scripts!

bsideslv.org/talks#LBQDEB
Talks - BSides Las Vegas
BSides Las Vegas is a nonprofit organization formed to stimulate the Information Security industry and community.
bsideslv.org
1 3 7
Reposted by Andrew Case
volexity.com
Volexity @volexity.com · Jul 9
This training course will be led by Andrew Case @attrc.bsky.social, Michael Ligh & Dave Lassalle. This is a great opportunity to gain valuable knowledge about #Volatility3 + learn all about #memoryforensics from Volatility core developers! Seats are filling up quickly so don't wait!
volatilityfoundation.org
Volatility @volatilityfoundation.org · Jul 9
The next in-person Malware & Memory Forensics Training will be in Arlington VA, October 21–24, 2025! This is the only #memoryforensics course taught directly by the Volatility developers. Course registration includes a pass to #FTSCon!

Course details: memoryanalysis.net/courses-malw...
An image of Michael Hale Ligh, a Volatility core developer, leading a training session. There are students in the foreground focused on what is being discussed. In the background, out the window, is the Washington Monument. There is a top yellow banner that reads IN-PERSON TRAINING, and a blue text box on the bottom that reads "Malware & Memory Forensics Training, October 21-24, 2025 | Arlington VA"
8 6
Reposted by Andrew Case
attrc.bsky.social
Andrew Case @attrc.bsky.social · Jun 17
I am *very* excited to announce that the workshop I submitted to @defcon.bsky.social along with @lsu.bsky.social PhD students, Lauren Pace and Daniel Donze, was accepted!!! We will teach you how to automatically detect and analyze the sophisticated, memory-only malware techniques used in the wild.
1 11 38
attrc.bsky.social
Andrew Case @attrc.bsky.social · Jul 2
I am excited to announce that I will be speaking at
@hou-sec-con.bsky.social at the end of September in Houston! Be sure to check out my talk on Tuesday morning and my friend @mayahustle.bsky.social's talk on Wednesday afternoon. Full agenda at the following link:

web.cvent.com/event/9ba9c5...
Agenda - HOU.SEC.CON. 2025
web.cvent.com
1
Reposted by Andrew Case
dadonzeaux.bsky.social
Daniel @dadonzeaux.bsky.social · Jul 2
Super excited to help @attrc.bsky.social teach memory forensics at a @defcon.bsky.social workshop this year!

I'll also be at @bsideslv.org earlier in the week as well so if you run into me please say hi! (And I will have cool stickers)
lsuresearch.bsky.social
lsuresearch.bsky.social @lsuresearch.bsky.social · Jun 30
#LSU cyber students will teach new ways to fight malware at the world’s largest and longest-running hacking conference @defcon.bsky.social
www.lsu.edu/blog/2025/06...
#ScholarshipFirst #WBTTW @lsu.bsky.social @lsuengineering.bsky.social @attrc.bsky.social @volexity.com @volatilityfoundation.org
1
Reposted by Andrew Case
lsuresearch.bsky.social
lsuresearch.bsky.social @lsuresearch.bsky.social · Jun 30
#LSU cyber students will teach new ways to fight malware at the world’s largest and longest-running hacking conference @defcon.bsky.social
www.lsu.edu/blog/2025/06...
#ScholarshipFirst #WBTTW @lsu.bsky.social @lsuengineering.bsky.social @attrc.bsky.social @volexity.com @volatilityfoundation.org
3 3
attrc.bsky.social
Andrew Case @attrc.bsky.social · Jun 18
With Volcano for analysis and Surge Collect Pro for acquisition, you can automatically check your critical systems for signs of malware and attacker toolkits across memory and key artifact sources from disk. Contact us if you would like to schedule a virtual demo or one in person in Vegas!
volexity.com
Volexity @volexity.com · Jun 18
@Volexity.com Volcano Server & Volcano One v25.06.12 adds ~600 new YARA rules, new IOCs for fake registered antivirus & hooked Linux kernel functions, as well as support for custom post-processing bash scripts, segmented directory watching & database optimization. [1/2]
The stylized blue, orange and black Volexity Volcano logo is centered, with the Volcano wordmark below it. The words “by Volexity” appear below the Volcano logo. There is a dark blue banner in the upper left with white letters that read “New Release”. The background is a faded gray abstract illustration evoking smoke.
attrc.bsky.social
Andrew Case @attrc.bsky.social · Jun 17
I am *very* excited to announce that the workshop I submitted to @defcon.bsky.social along with @lsu.bsky.social PhD students, Lauren Pace and Daniel Donze, was accepted!!! We will teach you how to automatically detect and analyze the sophisticated, memory-only malware techniques used in the wild.
1 11 38
attrc.bsky.social
Andrew Case @attrc.bsky.social · Jun 13
The CFP for our 2nd annual From the Source event is now open! The event includes two tracks, the first for Makers of open source DFIR tools and the second for Hunters who have performed the most interesting investigations of the last year.

volatilityfoundation.org/announcing-f...
Announcing FTSCon 2025 & In-person Malware and Memory Forensics Training!
Mark your calendars for Monday, October 20, 2025! We will again be hosting FTSCon in Arlington, Virginia.You can read more event details here. Registration is now open!
volatilityfoundation.org
3 2
attrc.bsky.social
Andrew Case @attrc.bsky.social · Jun 11
Our highly popular and technical training, "Malware and Memory Forensics with Volatility", has been fully converted to @volatilityfoundation.org 3 and significantly updated, including many new sections and 8 new, in-depth labs. Available online & in VA in October

memoryanalysis.net/courses-malw...
Malware and Memory Forensics Training - Memory Analysis
Malware and memory forensics training courses offered by the Memory Analysis Team.
memoryanalysis.net
4 7
Reposted by Andrew Case
derekbjohnson.bsky.social
Derek B. Johnson @derekbjohnson.bsky.social · Jun 4
I tried to strike a balance in this story between the dangers I was hearing about AI-assisted and "vibe coded" software and the hard, cold reality that there's probs no going back and this is going to be (if it isn't already) the "new normal" for huge chunks of software development.

Check it out!
cyberscoop.bsky.social
CyberScoop @cyberscoop.bsky.social · Jun 4
Vibe coding is here to stay. Can it ever be secure? Research shows that AI-generated code is remarkably insecure. Yet experts tell CyberScoop it's up to industry to figure out a way to limit the issues the technology introduces. via @derekbjohnson.bsky.social cyberscoop.com/vibe-coding-...
Vibe coding is here to stay. Can it ever be secure?
Multiple studies show that AI-generated code is remarkably insecure. Yet experts tell CyberScoop it's up to industry to figure out a way to limit the issues the technology introduces.
cyberscoop.com
1 7 12
Reposted by Andrew Case
attrc.bsky.social
Andrew Case @attrc.bsky.social · May 19
I will be showing off Volatility 3 during my talk on Wednesday afternoon at RVASec. Be sure to attend and come say hello if you will be around!

rvasec.com/rvasec-14-sp...
RVAsec 14 Speaker Feature: Andrew Case - RVAsec
Andrew Case is the Director of Research at Volexity and has significant experience in incident response handling, digital forensics, and malware analysis. Case is a core developer of Volatility, the m...
rvasec.com
7 9
attrc.bsky.social
Andrew Case @attrc.bsky.social · May 19
I will be showing off Volatility 3 during my talk on Wednesday afternoon at RVASec. Be sure to attend and come say hello if you will be around!

rvasec.com/rvasec-14-sp...
RVAsec 14 Speaker Feature: Andrew Case - RVAsec
Andrew Case is the Director of Research at Volexity and has significant experience in incident response handling, digital forensics, and malware analysis. Case is a core developer of Volatility, the m...
rvasec.com
7 9
attrc.bsky.social
Andrew Case @attrc.bsky.social · May 16
We are VERY excited to announce that Volatility 3 has now reached feature parity with Volatility 2! With this parity release, Volatility 2 is now deprecated. Full details in the blog post linked below.
volatilityfoundation.org
Volatility @volatilityfoundation.org · May 16
We are very excited to announce that Volatility 3 has reached parity with Volatility 2! With this achievement, Volatility 2 is now deprecated. See the full details in our blog post: volatilityfoundation.org/announcing-t...
Announcing the Official Parity Release of Volatility 3!
Visit the post for more.
volatilityfoundation.org
11 20