Andrew Case

20.5K posts

Andrew Case

@attrc

@Volatility Core developer, Dir. of Research @Volexity, @lsucyber, The Art Of Memory Forensics Co-Author

New Orleans, LA Katılım Mart 2010

4.5K Takip Edilen27.4K Takipçiler

Sabitlenmiş Tweet

Andrew Case@attrc·3 Eki

With Volcano, security teams can automate the entire workflow of acquisition of memory and select files to deep analysis to automated alerts that directly point to signs of memory only malware and attacker activity throughout RAM and key artifacts sources from disk.

Volexity@Volexity

.@Volexity Volcano Server & Volcano One v25.09.21 adds memory analysis support for ARM64 Linux, macOS 26 (Tahoe) & Windows 25H2, as well as 75+ new YARA rules, 10+ new IOCs, analysis of udev rules, and rolling upgrades for managed endpoints. [1/2]

English

7.8K

Andrew Case retweetledi

volatility@volatility·6d

We have announced the winners of the 2025 @volatility #PluginContest! And the First Place is: Daniel Baier for XFRM Inspector Read the full Contest Results in our blog post: volatilityfoundation.org/the-2025-volat… Congrats to all winners & thank you to all participants! #DFIR #memoryforensics

volatility@volatility

The 2025 @volatility #PluginContest review is complete! We received 8 submissions from 7 different countries that included 20 plugins! We will be highlighting each #Contender & the winners will be announced on Friday! #DFIR #memoryforensics

English

3.1K

Andrew Case retweetledi

Jamie Levy🦉@gleeda·6 Mar

🧵 We recently had an incident that involved a MuddyWater hands-on attacker who couldn't spell "administrators" Full timeline breakdown below. 1/

English

362

54.3K

Andrew Case retweetledi

volatility@volatility·6 Mar

We are excited to announce the 2025 @volatility #PluginContest First Place winner is: Daniel Baier for XRFM Inspector See the full Contest Results: volatilityfoundation.org/the-2025-volat… Congrats to all winners & thank you to all participants! #DFIR #memoryforensics

volatility@volatility

English

3.3K

Andrew Case retweetledi

Jamie Levy🦉@gleeda·4 Mar

listening to @OliviaGalluccii talk about using AI to maximize on her macOS vulnerability research at [un]prompted. Loving what she's done! unpromptedcon.org

English

174

15K

Andrew Case@attrc·2 Mar

We (@Volexity) are looking to hire for two roles in our rapidly growing software engineering team and ecosystem. The first role is for a Group Product Manager and the second a Senior Product Manager. Both roles will be on-site in Silver Spring, Maryland. volexity.com/company/career…

English

1.2K

Andrew Case@attrc·26 Şub

Great work from @vanhoefm!

Mathy Vanhoef@vanhoefm

We found that Wi-Fi client isolation can often be bypassed. This allows an attacker who can connect to a network, either as a malicious insider or by connecting to a co-located open network, to attack others. NDSS'26 paper: ndss-symposium.org/wp-content/upl… GitHub: github.com/vanhoefm/airsn…

English

1.6K

Andrew Case retweetledi

Andrew Case@attrc·3 Eki

Volexity@Volexity

English

7.8K

Andrew Case retweetledi

BSidesPGH@BSidesPGH·25 Şub

We’re accepting presentation proposals for BSidesPGH on July 10, and we’d love to hear what you’re working on, learning, or passionate about. CFP is open now through April 15 so you’ve got time to polish your abstract and hit submit. Submission details at bsidespgh.com

English

413

Andrew Case retweetledi

Army Counterintelligence Command (ACIC)@Real_ArmyCI·13 Şub

It doesn't take a mathematician to figure out "10 + 5 = honeytrap." Report suspicious behavior. (Graphic made with AI)

Army Counterintelligence Command (ACIC) tweet media

English

581

1.4K

9.1K

1.6M

Andrew Case retweetledi

Jamie Levy🦉@gleeda·13 Şub

If you like doing these things and more, we're looking for the right candidate! Apply here: ✅ job-boards.greenhouse.io/huntress/jobs/…

English

21.6K

Andrew Case retweetledi

Jamie Levy🦉@gleeda·13 Şub

We're looking for a Principal Threat Intel Incident Commander here at @HuntressLabs ! Do you love to: 🔍 Conduct #DFIR analysis? 👀 Track threat actors? 🕸️ Work with others across different departments? ✍️ Write about your findings? 👩‍💼 Present your work? 👇

English

17.4K

Max Harley@0xdab0·11 Şub

I'm really proud of what Shane and I did here. I'm biased, but from the results I've seen, this is a hugely scalable way to improve offsec models. It took a ton of engineering work to get it working, but the results speak for itself.

dreadnode@dreadnode

We fine-tuned an 8B model to pop a GOAD domain…using only synthetic training data. No real networks. No frontier model distillation. Just a world model that simulates AD environments and generates realistic pentesting trajectories. See how @shncldwll and @0xdab0 did it: dreadnode.io/blog/worlds-a-…

English

Andrew Case@attrc·11 Şub

@0xdab0 It is really nice work! I have been performing some research on the opposite direction, for automated detection creation, and it will be fun to eventually observe both sides (attack and defense) when automated like this.

English

180

Andrew Case retweetledi

Andy Piazza@klrgrz·11 Şub

Join @Unit42_Intel Fusion Intelligence Team! We're hiring a Principal CTI Researcher to help us rapidly respond to emerging threats by hunting for badness and writing intel reports & briefings. Let's goooooo paloaltonetworks.wd5.myworkdayjobs.com/en-US/panwexte…

English

7.7K

Andrew Case retweetledi

kernelcon@_kernelcon_·11 Şub

REPOST! NEW WORKSHOP! 4.8 ONLY Hands-on Ham Radio Workshop - expand your comm skills & explore a critical tech that bridges emergency response, sec, and off-grid comms. Upon completion, attendees will be qualified to test for their HAM radio license! #ham-radio-workshop" target="_blank" rel="nofollow noopener">kernelcon.org/training#ham-r…

English

683

Andrew Case@attrc·11 Şub

really interesting work from @pmigdal

Piotr Migdal@pmigdal

Claude can code, but can it read machine code? We gave AI agents access to Ghidra (a decompiler by the NSA) and tasked them with finding hidden backdoors in servers - working solely from binaries, without any access to source code. See our BinaryAudit: quesma.com/blog/introduci…

English

4.3K

Andrew Case retweetledi

J. A. Guerrero-Saade@juanandres_gs·8 Şub

There’s no need to suffer through the rough patch of indeterministic Claude Code behaviors. Here’s my config to get you started w proper planning, implementation, and review, phased development, decision point documentation, git worktrees, and consensus deep research implemented w deterministic hooks. It’s a WIP. Hope it helps! github.com/juanandresgs/c…

English

161

22.2K

Andrew Case@attrc·6 Şub

This class looks amazing!

Joe Fitz@securelyfitz

I've got a brand new class in the works! Applied Physical Defenses: Secure Boot and Encrypted Firmware The first time I offer this class will be @BlackHatEvents in Singapore on April 21-22, more offerings coming soon. #applied-hardware-defences-secure-boot-and-encrypted-firmware-49814" target="_blank" rel="nofollow noopener">blackhat.com/asia-26/traini…

English

946

Andrew Case retweetledi

David Weston (DWIZZZLE)@dwizzzleMSFT·5 Şub

This has been insanely valuable for security decisions in my experience - it seems somewhat similar to what @moyix and team described for @xbow shoutout @jayparikh

Burke Holland@burkeholland

I discovered the wildest feature of @github Copilot CLI by complete accident last night. You can have models call each other. So you can have Opus, Codex and Gemini all working together in the same chat.🤯

English

6.7K

Andrew Case@attrc·4 Şub

KernelCon is an amazing event to learn deeply technical content and to network with some great people in the field. Highly recommend!

kernelcon@_kernelcon_

Student Scholarship closes in 2 days! 2-6-26 check the reqs & submit! Can't't wait to see everyone at the con! kernelcon.org/register

English

958

Keşfet

@volatility @OliviaGalluccii @Volexity @vanhoefm @HuntressLabs @0xdab0 @Unit42_Intel @pmigdal