Andrew Case

20.5K posts

Andrew Case

@attrc

@Volatility Core developer, Dir. of Research @Volexity, @lsucyber, The Art Of Memory Forensics Co-Author

New Orleans, LA Katılım Mart 2010

4.7K Takip Edilen27.4K Takipçiler

Sabitlenmiş Tweet

Andrew Case@attrc·3 Eki

With Volcano, security teams can automate the entire workflow of acquisition of memory and select files to deep analysis to automated alerts that directly point to signs of memory only malware and attacker activity throughout RAM and key artifacts sources from disk.

Volexity@Volexity

.@Volexity Volcano Server & Volcano One v25.09.21 adds memory analysis support for ARM64 Linux, macOS 26 (Tahoe) & Windows 25H2, as well as 75+ new YARA rules, 10+ new IOCs, analysis of udev rules, and rolling upgrades for managed endpoints. [1/2]

English

9.1K

Andrew Case@attrc·3d

Does anyone know the actual effect of what Riot did? Are the cards actually bricked? OS updated required? Reinstall? The existing replies all seem to be from bots and are entirely useless.

Riot Games@riotgames

congrats to the owners of a brand new $6k paperweight

English

2.7K

Andrew Case retweetledi

Volexity@Volexity·6d

The latest @DarknetDiaries (Ep. 174: Pacific Rim) offers a look at state-sponsored groups targeting perimeter infrastructure & edge devices. Thanks @JackRhysider for mentioning our work! @Volexity’s detection and response efforts combined network visibility, host-based analysis, #threatintelligence & #memoryforensics, enabling us to discover these complex #0days being exploited in the wild. Read our blog post for the original research mentioned: volexity.com/blog/2022/06/1…

Jack Rhysider 🏴‍☠️@JackRhysider

Ep 174 "Pacific Rim" is now live! 🔊 Sophos got attacked by a nation state actor. How they handled it is controversial. Curious what you would have done. darknetdiaries.com/episode/174/

English

2.1K

Andrew Case@attrc·14 Nis

Memory-only malware leaves no trace on the file system & is commonly used by threat actors ranging from criminal organizations to ransomware operators to APTs. In our @volatility 3 training, students gain deep hands on experience analyzing such threats: memoryanalysis.net/courses-malwar…

English

142

10.9K

Andrew Case@attrc·14 May

@TheStalwart You should reach out to @daveaitel @dinodaizovi @halvarflake for meaningful thoughts on this

English

286

Joe Weisenthal@TheStalwart·14 May

Cybersecurity is something I’ve literally never spent much time learning about. And probably I should change that. But I’m curious, is there such thing as provably secure software, or is security always relative to state of the art hacking technology?

Andrew Curran@AndrewCurran_

Mythos has cracked MacOS. It took five days.

English

348

124.1K

Andrew Case retweetledi

Brendan Dolan-Gavitt@moyix·13 May

I'm glad we can finally talk about this! :D As an inveterate blabbermouth it has been killing me to keep my blabbering mouth shut

XBOW@Xbow

For the past 2 months, XBOW has been testing Mythos Preview under embargo as part of a select early-access group. Today, we can finally share what we found. The headline: Mythos Preview is a major advance. It is substantially better than prior models at finding vulnerability candidates, especially when source code is available. But it’s not perfect. We surfaced issues with exploit validation, judgment, and efficiency. Our full write-up covers where Mythos Preview shines, where it still needs support, and what we think this means for the future of offensive security: bit.ly/42zQl98

English

141

31.9K

Andrew Case retweetledi

Andrew Case@attrc·3 Eki

Volexity@Volexity

English

9.1K

Andrew Case retweetledi

Michael (Allegedly)@MichaelAlleged·2 May

so you’re telling me fighters in the desert need to move in strange ways to avoid the ire of an inescapable predator?

Curiosity@CuriosityonX

🚨: Eight Marines outsmarted a DARPA AI meant to spot people. Two somersaulted 300 meters, two snuck under a cardboard box, and one pretended to be a tree—and the AI missed them all, because it was trained to catch people walking.

English

261

83.3K

3.2M

Andrew Case retweetledi

BSides Memphis@BSidesMemphiss·31 Mar

SAVE THE DATE!! BSides Memphis will be hosted at Epicenter Memphis on October 3rd, 2026! More info to come on tickets, CFP, Sponsors, ect. please share so the local community knows this is happening!

English

451

Andrew Case@attrc·29 Nis

Your on-the-go life really changes when you get a powerful desktop (Mac Studio) at home and @Tailscale back for long running tasks

resham ☻@Reshusaur

new walk of shame: agent still working, but the cafe closed

English

3.7K

Andrew Case retweetledi

REcon@reconmtl·28 Nis

We have started announcing Recon 2026 Presentations recon.cx/2026/en/speake… More talks to be announced soon once we have confirmations @frodosobon @realytcracker @allthingsida @hexnomad @0x464D @hunterbr72 @joegrand @clearbluejar @InvokeReversing @LennertWo @pinkflawd @Coiffeur0x90 @MathildeVenault @NicoleFishi19 @nicolodev @phLaul @SinSinology @i0n1c @mr_phrazer @tmanning @hex86_64 #REcon2026 #ReverseEngineering #InfoSec #cybersecurity

English

9.5K

Andrew Case@attrc·17 Nis

I am excited to announce that I will be speaking at @bsidesnash on May 15th. Be sure to attend to see all the latest @volatility 3 plugins against the most sophisticated and devastating malware from the wild!

English

2.6K

Andrew Case retweetledi

L0Psec@L0Psec·6 Nis

Another interesting one shared by @malwrhunterteam: 1c715cd40331ba2ca6559d2fdb958e7f44053080f9ffd3d90bd1916978d336cb ( 1 VT hit for DPRK). This is a fun one and even has a usage prompt when executing, which is strange. 🧵 Let's dig in

English

8.7K

Andrew Case retweetledi

BSidesCharm@BSidesCharm·19 Nis

If you haven't grabbed a ticket for #BSidesCharm 2026, WHY NOT??? - go to eventbrite.com/e/bsidescharm-… - 1 ticket gets you in for BOTH days!

English

1.9K

Andrew Case@attrc·16 Nis

Can't agree more. The depth of these reports is incredible!

Justin Elze@HackingLZ

CISOs should consider taking 30 minutes and reading a few random reports from @TheDFIRReport thedfirreport.com/reports/

English

4.5K

Andrew Case retweetledi

BSidesCharm@BSidesCharm·12 Nis

Tickets are still available for #BSidesCharm 2026 - go to eventbrite.com/e/bsidescharm-… - 1 ticket gets you in for BOTH days!

English

1.5K

Andrew Case retweetledi

REcon@reconmtl·8 Nis

Last call. REcon 2026 CFP deadline is April 11. Deep technical content, reverse engineering, exploitation research. recon.cx/2026/en/cfp.ht… #reverseengineering