Author: Lipson Thomas Philip

Lipson Thomas Philip is a student of the Master's in Network and Information Security at Griffith College, Limerick. He did an internship at Cyber Cell, Gurugram, in 2021. His motivation is to learn something every day. As the saying goes, "Never stop learning." You learn new things, knowingly or unknowingly, as your life changes day by day.

Volatility 3 is an essential memory forensics framework for analyzing memory dumps from Windows, Linux, and macOS systems. One of its main strengths is process and thread analysis, which can reveal hidden, injected, or otherwise manipulated processes and threads used by malware. This article breaks down the core Volatility 3 plugins and techniques for analyzing processes and threads, and shows how to use them to detect malicious activity.

What to Look for in Processes?

Processes are among the most critical artifacts to examine when analyzing a memory dump. Malware hides by manipulating process structures, injecting code, or running under…
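
The classic process check described above, cross-referencing the linked-list view (windows.pslist) against the pool-scan view (windows.psscan) and sanity-checking parent/child relationships, as an added example. This is not code from the original article or from the Volatility project; it parses the text tables the two plugins print. Both tables, every process name, PID, offset and timestamp in them, and the "evil.exe" entry are constructed for this example, and the expected-parent table is a simplified version of the Windows process tree.

```python
"""Cross-view check for hidden or oddly parented processes in Volatility 3 output.

Added example, not code from the original article or from the Volatility
project. windows.pslist walks the kernel's active-process list; windows.psscan
scans memory for _EPROCESS allocations. A process unlinked from the list (DKOM
hiding) shows up only in psscan, but so does a process that merely exited, so
the ExitTime column is used to tell the two apart. Core Windows processes are
also checked against the parent each should have. Both tables below are
constructed: the column order follows Volatility 3's default text output, but
every row is made up.
"""
from typing import Dict, List, Tuple

# Core Windows processes and the parent image name(s) each should have.
EXPECTED_PARENTS = {
    "smss.exe": {"System", "smss.exe"},  # session smss instances are children of the first smss
    "csrss.exe": {"smss.exe"},
    "wininit.exe": {"smss.exe"},
    "winlogon.exe": {"smss.exe"},
    "services.exe": {"wininit.exe"},
    "lsass.exe": {"wininit.exe"},
    "svchost.exe": {"services.exe"},
}
# The parent of these (a per-session smss.exe, or userinit.exe for explorer.exe)
# exits right after spawning them, so a missing parent is normal.
ORPHAN_EXPECTED = {"csrss.exe", "wininit.exe", "winlogon.exe", "explorer.exe"}

# Constructed sample of `vol -f mem.raw windows.pslist` (tab-separated columns).
PSLIST_OUTPUT = """\
Volatility 3 Framework 2.5.0
Progress:  100.00\t\tPDB scanning finished
PID\tPPID\tImageFileName\tOffset(V)\tThreads\tHandles\tSessionId\tWow64\tCreateTime\tExitTime\tFile output
4\t0\tSystem\t0xfa80018c9040\t80\t500\tN/A\tFalse\t2021-09-04 10:00:01.000000\tN/A\tDisabled
272\t4\tsmss.exe\t0xfa8001f3a5e0\t2\t29\tN/A\tFalse\t2021-09-04 10:00:01.000000\tN/A\tDisabled
360\t352\tcsrss.exe\t0xfa8002205b30\t9\t404\t0\tFalse\t2021-09-04 10:00:03.000000\tN/A\tDisabled
400\t352\twininit.exe\t0xfa80022f0060\t3\t76\t0\tFalse\t2021-09-04 10:00:03.000000\tN/A\tDisabled
488\t400\tservices.exe\t0xfa80022c9a40\t7\t221\t0\tFalse\t2021-09-04 10:00:04.000000\tN/A\tDisabled
500\t400\tlsass.exe\t0xfa8002311b30\t7\t553\t0\tFalse\t2021-09-04 10:00:04.000000\tN/A\tDisabled
640\t488\tsvchost.exe\t0xfa80023a08c0\t10\t353\t0\tFalse\t2021-09-04 10:00:05.000000\tN/A\tDisabled
1180\t1120\texplorer.exe\t0xfa8002a06b30\t31\t890\t1\tFalse\t2021-09-04 10:01:10.000000\tN/A\tDisabled
2040\t1180\tsvchost.exe\t0xfa8002c33060\t3\t90\t1\tFalse\t2021-09-04 10:07:42.000000\tN/A\tDisabled
"""

# Constructed sample of windows.psscan: the same rows plus an exited session
# smss.exe and a process that was unlinked from the active-process list.
PSSCAN_OUTPUT = PSLIST_OUTPUT + """\
352\t272\tsmss.exe\t0xfa8002201060\t0\t0\tN/A\tFalse\t2021-09-04 10:00:02.000000\t2021-09-04 10:00:03.000000\tDisabled
1337\t640\tevil.exe\t0xfa8002d45b30\t2\t45\t1\tFalse\t2021-09-04 10:09:00.000000\tN/A\tDisabled
"""


def parse_process_table(text: str) -> List[Dict[str, object]]:
    """Parse a tab-separated Volatility 3 process table; banner and header lines are skipped."""
    rows = []
    for line in text.splitlines():
        fields = [f.strip() for f in line.split("\t")]
        if len(fields) < 10 or not fields[0].isdigit():
            continue
        rows.append({"pid": int(fields[0]), "ppid": int(fields[1]), "name": fields[2],
                     "offset": fields[3], "create_time": fields[8], "exit_time": fields[9]})
    return rows


def _identity(row) -> Tuple[int, str, str]:
    # psscan may report a different offset than pslist for the same _EPROCESS,
    # so match on (pid, name, create time) rather than on the offset column.
    return (row["pid"], row["name"], row["create_time"])


def hidden_processes(pslist, psscan) -> Tuple[List[dict], List[dict]]:
    """Split scan-only rows into (hidden, terminated) using the ExitTime column."""
    listed = {_identity(r) for r in pslist}
    hidden, terminated = [], []
    for row in psscan:
        if _identity(row) in listed:
            continue
        (terminated if row["exit_time"] != "N/A" else hidden).append(row)
    return hidden, terminated


def suspicious_parents(rows) -> List[Tuple[int, str, str]]:
    """Return (pid, name, parent name) for core processes with an unexpected parent."""
    by_pid = {r["pid"]: r for r in rows}  # PIDs get reused, so prefer pslist rows here
    findings = []
    for row in rows:
        allowed = EXPECTED_PARENTS.get(row["name"].lower())
        if allowed is None:
            continue
        parent = by_pid.get(row["ppid"])
        if parent is None:
            if row["name"].lower() not in ORPHAN_EXPECTED:
                findings.append((row["pid"], row["name"], "<missing>"))
        elif parent["name"] not in allowed:
            findings.append((row["pid"], row["name"], parent["name"]))
    return findings


if __name__ == "__main__":
    pslist, psscan = parse_process_table(PSLIST_OUTPUT), parse_process_table(PSSCAN_OUTPUT)
    hidden, terminated = hidden_processes(pslist, psscan)
    for r in hidden:
        print(f"HIDDEN  pid={r['pid']} {r['name']} @ {r['offset']} (in psscan, not in pslist)")
    for r in terminated:
        print(f"EXITED  pid={r['pid']} {r['name']} exit={r['exit_time']}")
    for pid, name, parent in suspicious_parents(pslist):
        print(f"PARENT? pid={pid} {name} spawned by {parent}")
```

On the constructed tables this reports evil.exe (PID 1337) as hidden, the session smss.exe (PID 352) as merely exited rather than hidden, and the svchost.exe launched by explorer.exe as a parent anomaly. Feed it real output by redirecting `vol -f <dump> windows.pslist` and `windows.psscan` to files and reading those instead of the embedded strings.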

Analyzing a memory dump (memory dump analysis) can feel like peering into the soul of a system: it reveals what the system was doing at the moment the snapshot was taken. Understanding memory dumps is valuable whether you are a digital forensics professional, a malware analyst, or a cybersecurity student, and Volatility 3 is one of the most essential tools for the job. This article walks you through the first steps with Volatility 3, including basic commands and plugins like windows.info (Volatility 3's replacement for the old imageinfo plugin), windows.pslist, and more.

Starting with a Memory Dump

Before digging into plugins, make sure you have a valid memory dump and Volatility 3 installed. Volatility 3…

Description of the machine

Deathnote is an easy-level virtual machine available on VulnHub, designed to help beginners sharpen their skills. This walkthrough guides you through each step needed to exploit the machine and obtain root access. The machine is inspired by the Japanese manga series “DeathNote”. Note: according to HWKDS (the author), this VM works better in VirtualBox than in VMware; this walkthrough was nevertheless performed in VMware. If you run into problems, refer to the “Common Fixes & Troubleshoot” section.

Machine Information

Name: Deathnote
Release Date: 4 September 2021
Created By: HWKDS
Series: Deathnote
File Size: 658 MB
Format: Virtual Machine (OVA)
Operating System: Linux
DHCP Service: Enabled
IP Address: Automatically assigned

Note: The root is disabled…

Volatility 3 is a robust open-source memory forensics framework written in Python. Rebuilt from the ground up to replace its predecessor, Volatility 2, it takes advantage of modern Python practices and a modular architecture. This article breaks down its internal architecture, explaining its core components, the role of plugins, and how its design benefits both analysts and developers.

Volatility 3 Architecture Overview

At its core, Volatility 3 is built on a clean, object-oriented design that separates concerns into discrete components. This modularity is one of the main architectural improvements over Volatility 2. The system is structured around three primary building blocks: 1.…

Memory forensics is now a crucial component of digital investigations. Knowing what is going on in a computer's memory can provide information that disk forensics frequently misses, whether you are a threat hunter, incident responder, or malware analyst, and tools must evolve to keep up with increasingly sophisticated threats. Volatility 3 is a free memory forensics tool developed and maintained by the Volatility Foundation. It is written in Python, used by malware researchers and SOC analysts alike, and runs on Linux, macOS, and Windows. Volatility 3 is a widely used framework for extracting digital artifacts from volatile memory…

Cybercrime is one of the fastest-growing illegal industries in the world: low-risk, high-reward, and increasingly accessible. Digital thieves have devised many ways to profit from the Internet, from phishing schemes to ransomware attacks. But behind the headlines, one question lingers: how do cybercriminals avoid getting caught? Here is a breakdown of the tactics, tools, and behaviours cybercriminals use to stay anonymous and out of reach.

1. They Stay Anonymous by Design

The number one rule for cybercriminals is never to reveal your identity. That sounds obvious, but they go to great lengths to protect it.

Use of Aliases

Cybercriminals never reveal…

HTTPX is a fast and flexible HTTP toolkit created by Project Discovery. It allows security professionals to probe HTTP-based targets quickly and extract useful information such as status codes, titles, redirects, web technologies, and much more. In penetration testing, bug bounty hunting, and reconnaissance, speed and breadth matter: HTTPX makes it easy to automate web asset discovery, technology fingerprinting, and vulnerability mapping without heavy scripting. It is built for high performance and deep inspection.

Why Use HTTPX?

Differences between HTTPX, curl, wget, and Nmap

When to Use HTTPX?

When you need to scan thousands of subdomains, discover web apps quickly, detect tech stacks,…
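
A small triage step for the workflow sketched above, as an added example that is not code from the original article or from the httpx project: httpx can write one JSON object per probed host (its `-json` flag), and the script below reads that JSON-lines output, groups live hosts by detected technology, and diffs two runs so new, vanished or changed hosts stand out. The two result sets are constructed; the field names used (url, status_code, title, tech, webserver, failed) are the ones I expect in httpx's JSON output and are an assumption, and the hostnames and values are invented.

```python
"""Triage and diff httpx JSON-lines output.

Added example, not part of the original article or of the httpx project.
Field names (url, status_code, title, tech, webserver, failed) are assumed to
match httpx's `-json` output; both runs below are constructed.
"""
import json
from collections import defaultdict
from typing import Dict, List, Tuple

PREVIOUS_RUN = """\
{"url":"https://app.example.com","status_code":200,"title":"Sign in","tech":["Nginx"],"webserver":"nginx","failed":false}
{"url":"https://api.example.com","status_code":401,"title":"","tech":["Express"],"webserver":"","failed":false}
{"url":"https://old.example.com","status_code":200,"title":"Legacy portal","tech":["Apache HTTP Server","PHP"],"webserver":"Apache","failed":false}
"""

CURRENT_RUN = """\
{"url":"https://app.example.com","status_code":302,"title":"","tech":["Nginx"],"webserver":"nginx","failed":false}
{"url":"https://api.example.com","status_code":401,"title":"","tech":["Express"],"webserver":"","failed":false}
{"url":"https://new.example.com","status_code":200,"title":"Blog","tech":["WordPress","PHP"],"webserver":"nginx","failed":false}
{"url":"https://dead.example.com","failed":true}
not json at all
"""


def load_results(text: str) -> Dict[str, dict]:
    """Return {url: record} for hosts that answered; failed or malformed lines are dropped."""
    results = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if rec.get("failed") or "status_code" not in rec or "url" not in rec:
            continue
        results[rec["url"]] = rec
    return results


def group_by_tech(results: Dict[str, dict]) -> Dict[str, List[str]]:
    """Map each fingerprinted technology to the URLs where httpx saw it."""
    groups = defaultdict(list)
    for url, rec in sorted(results.items()):
        for tech in rec.get("tech") or ["(unknown)"]:
            groups[tech].append(url)
    return dict(groups)


def targets_with(results: Dict[str, dict], tech_name: str) -> List[str]:
    """URLs running a given technology, e.g. to hand to a tech-specific scanner."""
    return sorted(u for u, r in results.items() if tech_name in (r.get("tech") or []))


def diff_runs(previous: Dict[str, dict], current: Dict[str, dict]
              ) -> Tuple[List[str], List[str], List[Tuple[str, int, int]]]:
    """(new, gone, changed) between two runs; changed = (url, old status, new status)."""
    prev_urls, cur_urls = set(previous), set(current)
    new = sorted(cur_urls - prev_urls)
    gone = sorted(prev_urls - cur_urls)
    changed = sorted((u, previous[u]["status_code"], current[u]["status_code"])
                     for u in prev_urls & cur_urls
                     if previous[u]["status_code"] != current[u]["status_code"])
    return new, gone, changed


if __name__ == "__main__":
    prev, cur = load_results(PREVIOUS_RUN), load_results(CURRENT_RUN)
    new, gone, changed = diff_runs(prev, cur)
    print("new:", new, "\ngone:", gone, "\nchanged:", changed)
    for tech, urls in group_by_tech(cur).items():
        print(f"{tech}: {', '.join(urls)}")
```

Run `httpx -l subdomains.txt -json -o run.jsonl` on two different days and load the two files in place of the embedded strings; the diff is what you want to look at first when re-scanning a large scope.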

Snort is a widely used open-source intrusion detection system (IDS) that monitors network traffic for suspicious activity and logs an event when it detects something unusual. These log files are key to understanding what is happening on your network, but only if you know how to read them. Tools like tcpdump and Wireshark make the job easier by helping you visualize and interpret the raw packet data. In this guide, we explain how to read Snort log files with tcpdump and Wireshark so you can investigate alerts effectively and better protect your network.

Understanding Snort Log Formats

Before diving into analysis,…
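
The step from an alert line to the packets that triggered it, as an added example (not code from the original guide or from the Snort project): Snort's fast alert format puts one alert per line with the timestamp, the [gid:sid:rev] triple, the rule message, classification, priority, protocol and the two endpoints. Parsing those fields is enough to build the BPF expression for `tcpdump -r` and the display filter for Wireshark that pull the matching packets out of the pcap Snort logged next to the alert. The alert lines are constructed, the pcap file name in the usage is hypothetical, and the parser handles IPv4 endpoints only.

```python
"""Turn Snort fast-format alert lines into tcpdump (BPF) and Wireshark filters.

Added example, not code from the original guide or from Snort. Handles the
alert_fast layout of Snort 2 (bare message) and Snort 3 (quoted message),
with or without a [Classification: ...] field. IPv4 endpoints only; the
sample alerts are constructed.
"""
import re
from collections import Counter
from typing import Dict, List, Optional

ALERT_RE = re.compile(
    r'^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+\[\*\*\]\s+'
    r'\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"?(?P<msg>.*?)"?\s+\[\*\*\]\s+'
    r'(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?\[Priority:\s*(?P<prio>\d+)\]\s+'
    r'\{(?P<proto>[A-Za-z0-9]+)\}\s+'
    r'(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<sport>\d+))?\s+->\s+'
    r'(?P<dst>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<dport>\d+))?\s*$'
)

# Constructed sample of an alert file (one Snort 3 style line, one junk line).
SAMPLE_ALERTS = """\
08/28-16:02:34.581233  [**] [1:1000001:1] ICMP ping detected [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.1.5 -> 192.168.1.1
08/28-16:05:11.002134  [**] [1:1000002:2] Possible web shell access [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 10.0.0.23:51522 -> 10.0.0.10:80
08/28-16:05:11.338907  [**] [1:1000002:2] Possible web shell access [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 10.0.0.23:51530 -> 10.0.0.10:80
08/28-16:07:45.119004  [**] [1:1000003:1] "DNS query for suspicious domain" [**] [Priority: 2] {UDP} 10.0.0.23:40211 -> 10.0.0.1:53
this line is not an alert and is skipped
"""


def parse_alert(line: str) -> Optional[Dict[str, object]]:
    """Parse one fast-format alert line; returns None for lines that do not match."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {
        "timestamp": d["ts"],
        "gid": int(d["gid"]), "sid": int(d["sid"]), "rev": int(d["rev"]),
        "msg": d["msg"], "classification": d["cls"], "priority": int(d["prio"]),
        "proto": d["proto"].lower(),
        "src": d["src"], "sport": int(d["sport"]) if d["sport"] else None,
        "dst": d["dst"], "dport": int(d["dport"]) if d["dport"] else None,
    }


def parse_alerts(text: str) -> List[dict]:
    return [a for a in (parse_alert(line) for line in text.splitlines()) if a]


def bpf_filter(alert: dict) -> str:
    """BPF expression for tcpdump/tshark capture filters matching this alert's flow."""
    parts = [alert["proto"], f"src host {alert['src']}"]
    if alert["sport"] is not None:
        parts.append(f"src port {alert['sport']}")
    parts.append(f"dst host {alert['dst']}")
    if alert["dport"] is not None:
        parts.append(f"dst port {alert['dport']}")
    return " and ".join(parts)


def wireshark_filter(alert: dict) -> str:
    """Wireshark display filter for the same flow."""
    p = alert["proto"]
    parts = [p, f"ip.src == {alert['src']}"]
    if alert["sport"] is not None:
        parts.append(f"{p}.srcport == {alert['sport']}")
    parts.append(f"ip.dst == {alert['dst']}")
    if alert["dport"] is not None:
        parts.append(f"{p}.dstport == {alert['dport']}")
    return " && ".join(parts)


def tcpdump_command(alert: dict, pcap_path: str) -> str:
    """Command that reads the packets behind an alert from the pcap Snort logged."""
    return f"tcpdump -nn -r {pcap_path} '{bpf_filter(alert)}'"


def alert_summary(alerts: List[dict]) -> Dict[tuple, int]:
    """Count alerts per (sid, message), the first thing to look at in a busy log."""
    return dict(Counter((a["sid"], a["msg"]) for a in alerts))


if __name__ == "__main__":
    alerts = parse_alerts(SAMPLE_ALERTS)
    for (sid, msg), n in alert_summary(alerts).items():
        print(f"sid {sid}: {n} x {msg}")
    for a in alerts:
        print(tcpdump_command(a, "snort.log.1630080000"))  # hypothetical pcap name
        print("  wireshark:", wireshark_filter(a))
```

The printed tcpdump commands reuse the endpoints and ports from each alert, so the same packets can be isolated in Wireshark by pasting the display filter. Port-less protocols such as ICMP get host-only filters, and a message with embedded quotes (Snort 3 quotes the msg) is handled by the optional quotes in the pattern.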

Your SIM card might seem like a small, harmless piece of plastic inside your phone, but it is a key part of your mobile identity. It connects you to the mobile network, stores identifying information, and can even receive security codes from your bank. That makes it a tempting target for attackers. In this article, we break down how hackers compromise SIM cards, what they can do once they control one, and how you can protect yourself. We cover the main techniques, SIM swapping, SIM cloning, and over-the-air (OTA) attacks, plus some real-world examples and tips to stay safe.

What is…

Introduction

In this post, we will learn about creating custom rules in Snort. First, what is Snort? Snort is an open-source intrusion detection and prevention system (IDS/IPS) used by security professionals worldwide. The tool ships with a vast library of preconfigured rules, but the real power lies in writing custom Snort rules, which let the tool detect specific threats that the generic signatures do not cover. Whether you want to block newly discovered malware, monitor suspicious user activity, or fine-tune alerts for an internal policy, Snort allows you to write your own rules and have total control…
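
The anatomy of a custom rule, as an added example that is not code from the original post or from the Snort project: a rule is a seven-field header (action, protocol, source, source port, direction, destination, destination port) followed by a parenthesised list of `keyword:value;` options, and the parser below splits it that way and then checks for the mistakes that make a custom rule silently useless or collide with the shipped rule sets (missing msg, sid or rev; a sid below 1,000,000, the range Snort reserves for local rules; a malformed header or port specification). Both rules shown are constructed and use Snort 2 option syntax; the rule's sid is what later appears as the middle number of the [gid:sid:rev] triple in the alert log.

```python
"""Parse and sanity-check a custom Snort rule.

Added example, not code from the original post or from Snort. Header fields
and options are split the way Snort reads them; the validation encodes the
conventions a local rule should follow. The two rules are constructed and
written in Snort 2 option syntax.
"""
import re
from typing import Dict, List, Optional, Tuple

ACTIONS = {"alert", "log", "pass", "drop", "reject", "sdrop"}
PROTOCOLS = {"tcp", "udp", "icmp", "ip"}
# any, $VAR, a single port, a range (1024:, :1023, 20:21) or a [list], optionally negated.
PORT_RE = re.compile(r"^!?(any|\$\w+|\d+(:\d*)?|:\d+|\[[^\]]+\])$")
LOCAL_SID_MIN = 1_000_000  # sids below this are reserved for the official rule sets

GOOD_RULE = ('alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS '
             '(msg:"Possible web shell access"; flow:to_server,established; '
             'content:"cmd="; http_uri; nocase; classtype:web-application-attack; '
             'sid:1000002; rev:2;)')

BAD_RULE = 'alert tcp any any -> any 22 (msg:"SSH brute force?"; content:"SSH-"; sid:999; )'


def split_options(body: str) -> List[str]:
    """Split the option body on ';' while respecting quoted values (a msg may contain ';')."""
    opts, cur, in_quote, escaped = [], [], False, False
    for ch in body:
        if escaped:
            cur.append(ch)
            escaped = False
            continue
        if ch == "\\" and in_quote:
            cur.append(ch)
            escaped = True
            continue
        if ch == '"':
            in_quote = not in_quote
        if ch == ";" and not in_quote:
            opts.append("".join(cur).strip())
            cur = []
            continue
        cur.append(ch)
    tail = "".join(cur).strip()
    if tail:
        opts.append(tail)
    return [o for o in opts if o]


def parse_rule(rule: str) -> Dict[str, object]:
    """Split a rule into its header fields and an ordered list of (keyword, value) options."""
    rule = rule.strip()
    open_idx, close_idx = rule.find("("), rule.rfind(")")
    if open_idx < 0 or close_idx < open_idx:
        raise ValueError("rule has no option block")
    header = rule[:open_idx].split()
    if len(header) != 7:
        raise ValueError(f"header must have 7 fields, got {len(header)}")
    options: List[Tuple[str, Optional[str]]] = []
    for opt in split_options(rule[open_idx + 1:close_idx]):
        keyword, sep, value = opt.partition(":")
        value = value.strip() if sep else None  # bare keywords such as nocase have no value
        if value and len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]
        options.append((keyword.strip(), value))
    return {"action": header[0], "protocol": header[1],
            "src": header[2], "src_port": header[3], "direction": header[4],
            "dst": header[5], "dst_port": header[6], "options": options}


def option(rule: Dict[str, object], keyword: str) -> Optional[str]:
    """First value of a keyword (content may repeat; msg/sid/rev should not)."""
    for k, v in rule["options"]:
        if k == keyword:
            return v
    return None


def validate_rule(rule: Dict[str, object]) -> List[str]:
    """Return a list of problems; an empty list means the rule passes these checks."""
    problems = []
    if rule["action"] not in ACTIONS:
        problems.append(f"unknown action {rule['action']!r}")
    if rule["protocol"] not in PROTOCOLS:
        problems.append(f"unknown protocol {rule['protocol']!r}")
    if rule["direction"] not in ("->", "<>"):
        problems.append(f"bad direction {rule['direction']!r}")
    for field in ("src_port", "dst_port"):
        if not PORT_RE.match(rule[field]):
            problems.append(f"bad port spec {rule[field]!r} in {field}")
    for keyword in ("msg", "sid", "rev"):
        if option(rule, keyword) is None:
            problems.append(f"missing option: {keyword}")
    sid = option(rule, "sid")
    if sid is not None:
        if not sid.isdigit():
            problems.append(f"sid must be numeric, got {sid!r}")
        elif int(sid) < LOCAL_SID_MIN:
            problems.append(f"sid {sid} is below {LOCAL_SID_MIN}; local rules should use {LOCAL_SID_MIN} or higher")
    return problems


if __name__ == "__main__":
    for text in (GOOD_RULE, BAD_RULE):
        parsed = parse_rule(text)
        print(option(parsed, "msg"), "->", validate_rule(parsed) or "OK")
```

Run it over each line of local.rules before reloading Snort: the bad rule above parses fine and would load, but without a rev it cannot be versioned and with sid 999 it can shadow or be shadowed by a stock rule, which is exactly the kind of mistake that only shows up when an alert is mis-attributed later.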
