Category: SANS Internet Storm Center

VolDiff, for memory image differential analysis, (Sun, May 3rd)

VolDiff is a bash script that runs Volatility plugins against memory images captured before and after malware execution, providing a differential analysis that helps identify IOCs and understand advanced malware behaviour. I had intended to include it in my latest toolsmith article, Attack Detection: Hunting in-memory adversaries with Rekall and WinPmem, but quite literally ran out of space and time.

Scammy Nepal earthquake donation requests, (Tue, Apr 28th)

Predictably, like after every major hurricane or earthquake, the miscreants around the globe are currently scurrying to set up their fake charities and web pages in order to solicit donations. The people of Nepal certainly can use our help and generosity to deal with the aftermath of the April 25 earthquake, but let's make sure the money actually ends up there. For our readers in the US, USAID.gov maintains a list of charities that they work with in Nepal at http://www.usaid.gov/nepal-earthquake.