Andrew Case
@attrc.bsky.social
Volatility Core developer, Dir. of Research Volexity, LSU Cyber
Reposted by Andrew Case
@volexity.com has continued to see nation-state threat actors use AI + LLMs to assist in cyber attacks. Our recent research on a Chinese APT threat actor (UTA0388) using AI in its operation was something @stevenadair.bsky.social recently discussed with the @wsj.com.
Exclusive: China’s state-sponsored hackers used Anthropic’s AI model to automate break-ins of major corporations and foreign governments.
Chinese Hackers Used Anthropic’s AI to Automate Cyberattacks
The use of AI automation in hacks is a growing trend that gives hackers additional scale and speed
on.wsj.com
November 14, 2025 at 4:28 PM
@volexity.com has continued to see nation-state threat actors use AI + LLMs to assist in cyber attacks. Our recent research on a Chinese APT threat actor (UTA0388) using AI in its operation was something @stevenadair.bsky.social recently discussed with the @wsj.com.
Reposted by Andrew Case
We had a great day yesterday at #FTSCon 2025! FTSCon Week continues with @joegrand.bsky.social's Hardware Hacking Basics + #Volatility Malware & Memory Forensics training with @attrc.bsky.social, Michael Ligh + Dave Lassalle.
October 21, 2025 at 1:37 PM
We had a great day yesterday at #FTSCon 2025! FTSCon Week continues with @joegrand.bsky.social's Hardware Hacking Basics + #Volatility Malware & Memory Forensics training with @attrc.bsky.social, Michael Ligh + Dave Lassalle.
Reposted by Andrew Case
We would like to thank @volexity.com for sponsoring the #FTSCon 2025 Evening Reception, which will be at VUE Rooftop DC this year! If you haven’t registered for FTSCon yet, there’s still time! Registration closes Sunday Oct 12; learn more + register here: volatilityfoundation.org/from-the-sou...
October 7, 2025 at 4:47 PM
We would like to thank @volexity.com for sponsoring the #FTSCon 2025 Evening Reception, which will be at VUE Rooftop DC this year! If you haven’t registered for FTSCon yet, there’s still time! Registration closes Sunday Oct 12; learn more + register here: volatilityfoundation.org/from-the-sou...
The full lineup for our From the Source event is out! The event take places on October 20th in Arlington, VA. Joe Grand will keynote followed by an amazing speaker line up across two tracks. All proceeds will be donated to Connect Our Kids. volatilityfoundation.org/from-the-sou...
From The Source 2025
Learn Directly from the World’s Leading Digital Investigators: On Monday, October 20, 2025, the Volatility Foundation is hosting From The Source, a one-day summit, in Arlington, VA, followed by fou…
volatilityfoundation.org
October 6, 2025 at 3:49 PM
The full lineup for our From the Source event is out! The event take places on October 20th in Arlington, VA. Joe Grand will keynote followed by an amazing speaker line up across two tracks. All proceeds will be donated to Connect Our Kids. volatilityfoundation.org/from-the-sou...
With Volcano, security teams can automate the entire workflow of acquisition of memory and select files to deep analysis to automated alerts that directly point to signs of memory only malware and attacker activity throughout RAM and key artifacts sources from disk.
@volexity.com Volcano Server & Volcano One v25.09.21 adds memory analysis support for ARM64 Linux, macOS 26 (Tahoe) & Windows 25H2, plus 75+ new YARA rules, 10+ new IOCs, analysis of udev rules & rolling upgrades for managed endpoints.
For more information, contact us: volexity.com/company/cont...
For more information, contact us: volexity.com/company/cont...
October 3, 2025 at 5:05 PM
With Volcano, security teams can automate the entire workflow of acquisition of memory and select files to deep analysis to automated alerts that directly point to signs of memory only malware and attacker activity throughout RAM and key artifacts sources from disk.
Reposted by Andrew Case
#FTSCon Speaker Spotlight: Joe FitzPatrick (@securelyfitz.bsky.social) is presenting “Rethinking DMA Attacks with Erebus” in the MAKER track.
See the full list of speakers + event info, including how to register, here: volatilityfoundation.org/from-the-sou...
See the full list of speakers + event info, including how to register, here: volatilityfoundation.org/from-the-sou...
September 19, 2025 at 1:23 PM
#FTSCon Speaker Spotlight: Joe FitzPatrick (@securelyfitz.bsky.social) is presenting “Rethinking DMA Attacks with Erebus” in the MAKER track.
See the full list of speakers + event info, including how to register, here: volatilityfoundation.org/from-the-sou...
See the full list of speakers + event info, including how to register, here: volatilityfoundation.org/from-the-sou...
Reposted by Andrew Case
#FTSCon Speaker Spotlight: Andrew Case (@attrc.bsky.social) is presenting “Detection and Analysis of Memory-Only Linux Rootkits” in the MAKER track.
See the full list of speakers + event info, including how to register, here: volatilityfoundation.org/from-the-sou...
See the full list of speakers + event info, including how to register, here: volatilityfoundation.org/from-the-sou...
September 18, 2025 at 9:34 PM
#FTSCon Speaker Spotlight: Andrew Case (@attrc.bsky.social) is presenting “Detection and Analysis of Memory-Only Linux Rootkits” in the MAKER track.
See the full list of speakers + event info, including how to register, here: volatilityfoundation.org/from-the-sou...
See the full list of speakers + event info, including how to register, here: volatilityfoundation.org/from-the-sou...
I am very happy to announce that @volexity.com will be well represented at @bsidesnyc.org! David McDonald will be speaking on his latest automated Powershell Deobfuscation research & I will present the latest Volatility 3 advancements against sophisticated Windows malware:
bsidesnyc.org/schedule/
bsidesnyc.org/schedule/
Event Schedule
BSides NYC is an Information / Security conference that’s different. We’re a 100% volunteer organized event put on by and for the community, and we truly strive to keep information free.
bsidesnyc.org
September 8, 2025 at 3:19 PM
I am very happy to announce that @volexity.com will be well represented at @bsidesnyc.org! David McDonald will be speaking on his latest automated Powershell Deobfuscation research & I will present the latest Volatility 3 advancements against sophisticated Windows malware:
bsidesnyc.org/schedule/
bsidesnyc.org/schedule/
Reposted by Andrew Case
The next in-person offering of our Malware and Memory Forensics Training will be held in Arlington, VA from Oct 21st-24th. This course has converted to Volatility 3, and all the material and labs are updated to cover the latest threats & analysis techniques
memoryanalysis.net/courses-malw...
memoryanalysis.net/courses-malw...
Malware and Memory Forensics Training - Memory Analysis
Malware and memory forensics training courses offered by the Memory Analysis Team.
memoryanalysis.net
September 3, 2025 at 5:11 PM
The next in-person offering of our Malware and Memory Forensics Training will be held in Arlington, VA from Oct 21st-24th. This course has converted to Volatility 3, and all the material and labs are updated to cover the latest threats & analysis techniques
memoryanalysis.net/courses-malw...
memoryanalysis.net/courses-malw...
The next in-person offering of our Malware and Memory Forensics Training will be held in Arlington, VA from Oct 21st-24th. This course has converted to Volatility 3, and all the material and labs are updated to cover the latest threats & analysis techniques
memoryanalysis.net/courses-malw...
memoryanalysis.net/courses-malw...
Malware and Memory Forensics Training - Memory Analysis
Malware and memory forensics training courses offered by the Memory Analysis Team.
memoryanalysis.net
September 3, 2025 at 5:11 PM
The next in-person offering of our Malware and Memory Forensics Training will be held in Arlington, VA from Oct 21st-24th. This course has converted to Volatility 3, and all the material and labs are updated to cover the latest threats & analysis techniques
memoryanalysis.net/courses-malw...
memoryanalysis.net/courses-malw...
At @bsidesorl.bsky.social, David McDonald and I will be delivering a hands-on workshop on using @volatilityfoundation.org 3 to detect sophisticated, memory-only malware as seen in the wild. Sign up ASAP before it fills!
🧰Workshop: Defeating Modern Malware by Andrew Case
Learn hands-on memory forensics w/ Volatility 3 to detect & triage advanced malware used by APT & ransomware groups.
https://bsorl.org/workshops
Learn hands-on memory forensics w/ Volatility 3 to detect & triage advanced malware used by APT & ransomware groups.
https://bsorl.org/workshops
September 2, 2025 at 2:50 PM
At @bsidesorl.bsky.social, David McDonald and I will be delivering a hands-on workshop on using @volatilityfoundation.org 3 to detect sophisticated, memory-only malware as seen in the wild. Sign up ASAP before it fills!
Reposted by Andrew Case
CYBERWARCON is coming!!! Registration and CFP are now open for this year's #CYBERWARCON! This year's keynote speaker will be @dmitri.silverado.org!!
We are back in Arlington, VA this year on November 19th.
www.cyberwarcon.com
We are back in Arlington, VA this year on November 19th.
www.cyberwarcon.com
CYBERWARCON
www.cyberwarcon.com
August 28, 2025 at 5:35 PM
CYBERWARCON is coming!!! Registration and CFP are now open for this year's #CYBERWARCON! This year's keynote speaker will be @dmitri.silverado.org!!
We are back in Arlington, VA this year on November 19th.
www.cyberwarcon.com
We are back in Arlington, VA this year on November 19th.
www.cyberwarcon.com
If you will be at @bsideslv.org on Monday, then be sure to check out David's talk on automated detection and de-obfuscation of malicious Powershell scripts!
bsideslv.org/talks#LBQDEB
bsideslv.org/talks#LBQDEB
Talks - BSides Las Vegas
BSides Las Vegas is a nonprofit organization formed to stimulate the Information Security industry and community.
bsideslv.org
August 3, 2025 at 6:52 PM
If you will be at @bsideslv.org on Monday, then be sure to check out David's talk on automated detection and de-obfuscation of malicious Powershell scripts!
bsideslv.org/talks#LBQDEB
bsideslv.org/talks#LBQDEB
Reposted by Andrew Case
This training course will be led by Andrew Case @attrc.bsky.social, Michael Ligh & Dave Lassalle. This is a great opportunity to gain valuable knowledge about #Volatility3 + learn all about #memoryforensics from Volatility core developers! Seats are filling up quickly so don't wait!
The next in-person Malware & Memory Forensics Training will be in Arlington VA, October 21–24, 2025! This is the only #memoryforensics course taught directly by the Volatility developers. Course registration includes a pass to #FTSCon!
Course details: memoryanalysis.net/courses-malw...
Course details: memoryanalysis.net/courses-malw...
July 9, 2025 at 8:54 PM
This training course will be led by Andrew Case @attrc.bsky.social, Michael Ligh & Dave Lassalle. This is a great opportunity to gain valuable knowledge about #Volatility3 + learn all about #memoryforensics from Volatility core developers! Seats are filling up quickly so don't wait!
Reposted by Andrew Case
I am *very* excited to announce that the workshop I submitted to @defcon.bsky.social along with @lsu.bsky.social PhD students, Lauren Pace and Daniel Donze, was accepted!!! We will teach you how to automatically detect and analyze the sophisticated, memory-only malware techniques used in the wild.
June 17, 2025 at 2:06 PM
I am *very* excited to announce that the workshop I submitted to @defcon.bsky.social along with @lsu.bsky.social PhD students, Lauren Pace and Daniel Donze, was accepted!!! We will teach you how to automatically detect and analyze the sophisticated, memory-only malware techniques used in the wild.
I am excited to announce that I will be speaking at
@hou-sec-con.bsky.social at the end of September in Houston! Be sure to check out my talk on Tuesday morning and my friend @mayahustle.bsky.social's talk on Wednesday afternoon. Full agenda at the following link:
web.cvent.com/event/9ba9c5...
@hou-sec-con.bsky.social at the end of September in Houston! Be sure to check out my talk on Tuesday morning and my friend @mayahustle.bsky.social's talk on Wednesday afternoon. Full agenda at the following link:
web.cvent.com/event/9ba9c5...
Agenda - HOU.SEC.CON. 2025
web.cvent.com
July 2, 2025 at 2:09 PM
I am excited to announce that I will be speaking at
@hou-sec-con.bsky.social at the end of September in Houston! Be sure to check out my talk on Tuesday morning and my friend @mayahustle.bsky.social's talk on Wednesday afternoon. Full agenda at the following link:
web.cvent.com/event/9ba9c5...
@hou-sec-con.bsky.social at the end of September in Houston! Be sure to check out my talk on Tuesday morning and my friend @mayahustle.bsky.social's talk on Wednesday afternoon. Full agenda at the following link:
web.cvent.com/event/9ba9c5...
Reposted by Andrew Case
Super excited to help @attrc.bsky.social teach memory forensics at a @defcon.bsky.social workshop this year!
I'll also be at @bsideslv.org earlier in the week as well so if you run into me please say hi! (And I will have cool stickers)
I'll also be at @bsideslv.org earlier in the week as well so if you run into me please say hi! (And I will have cool stickers)
#LSU cyber students will teach new ways to fight malware at the world’s largest and longest-running hacking conference @defcon.bsky.social
www.lsu.edu/blog/2025/06...
#ScholarshipFirst #WBTTW @lsu.bsky.social @lsuengineering.bsky.social @attrc.bsky.social @volexity.com @volatilityfoundation.org
www.lsu.edu/blog/2025/06...
#ScholarshipFirst #WBTTW @lsu.bsky.social @lsuengineering.bsky.social @attrc.bsky.social @volexity.com @volatilityfoundation.org
July 2, 2025 at 2:07 AM
Super excited to help @attrc.bsky.social teach memory forensics at a @defcon.bsky.social workshop this year!
I'll also be at @bsideslv.org earlier in the week as well so if you run into me please say hi! (And I will have cool stickers)
I'll also be at @bsideslv.org earlier in the week as well so if you run into me please say hi! (And I will have cool stickers)
Reposted by Andrew Case
#LSU cyber students will teach new ways to fight malware at the world’s largest and longest-running hacking conference @defcon.bsky.social
www.lsu.edu/blog/2025/06...
#ScholarshipFirst #WBTTW @lsu.bsky.social @lsuengineering.bsky.social @attrc.bsky.social @volexity.com @volatilityfoundation.org
www.lsu.edu/blog/2025/06...
#ScholarshipFirst #WBTTW @lsu.bsky.social @lsuengineering.bsky.social @attrc.bsky.social @volexity.com @volatilityfoundation.org
June 30, 2025 at 5:00 PM
#LSU cyber students will teach new ways to fight malware at the world’s largest and longest-running hacking conference @defcon.bsky.social
www.lsu.edu/blog/2025/06...
#ScholarshipFirst #WBTTW @lsu.bsky.social @lsuengineering.bsky.social @attrc.bsky.social @volexity.com @volatilityfoundation.org
www.lsu.edu/blog/2025/06...
#ScholarshipFirst #WBTTW @lsu.bsky.social @lsuengineering.bsky.social @attrc.bsky.social @volexity.com @volatilityfoundation.org
With Volcano for analysis and Surge Collect Pro for acquisition, you can automatically check your critical systems for signs of malware and attacker toolkits across memory and key artifact sources from disk. Contact us if you would like to schedule a virtual demo or one in person in Vegas!
@Volexity.com Volcano Server & Volcano One v25.06.12 adds ~600 new YARA rules, new IOCs for fake registered antivirus & hooked Linux kernel functions, as well as support for custom post-processing bash scripts, segmented directory watching & database optimization. [1/2]
June 18, 2025 at 9:16 PM
With Volcano for analysis and Surge Collect Pro for acquisition, you can automatically check your critical systems for signs of malware and attacker toolkits across memory and key artifact sources from disk. Contact us if you would like to schedule a virtual demo or one in person in Vegas!
I am *very* excited to announce that the workshop I submitted to @defcon.bsky.social along with @lsu.bsky.social PhD students, Lauren Pace and Daniel Donze, was accepted!!! We will teach you how to automatically detect and analyze the sophisticated, memory-only malware techniques used in the wild.
June 17, 2025 at 2:06 PM
I am *very* excited to announce that the workshop I submitted to @defcon.bsky.social along with @lsu.bsky.social PhD students, Lauren Pace and Daniel Donze, was accepted!!! We will teach you how to automatically detect and analyze the sophisticated, memory-only malware techniques used in the wild.
The CFP for our 2nd annual From the Source event is now open! The event includes two tracks, the first for Makers of open source DFIR tools and the second for Hunters who have performed the most interesting investigations of the last year.
volatilityfoundation.org/announcing-f...
volatilityfoundation.org/announcing-f...
Announcing FTSCon 2025 & In-person Malware and Memory Forensics Training!
Mark your calendars for Monday, October 20, 2025! We will again be hosting FTSCon in Arlington, Virginia.You can read more event details here. Registration is now open!
volatilityfoundation.org
June 13, 2025 at 5:48 PM
The CFP for our 2nd annual From the Source event is now open! The event includes two tracks, the first for Makers of open source DFIR tools and the second for Hunters who have performed the most interesting investigations of the last year.
volatilityfoundation.org/announcing-f...
volatilityfoundation.org/announcing-f...
Our highly popular and technical training, "Malware and Memory Forensics with Volatility", has been fully converted to @volatilityfoundation.org 3 and significantly updated, including many new sections and 8 new, in-depth labs. Available online & in VA in October
memoryanalysis.net/courses-malw...
memoryanalysis.net/courses-malw...
Malware and Memory Forensics Training - Memory Analysis
Malware and memory forensics training courses offered by the Memory Analysis Team.
memoryanalysis.net
June 11, 2025 at 4:36 PM
Our highly popular and technical training, "Malware and Memory Forensics with Volatility", has been fully converted to @volatilityfoundation.org 3 and significantly updated, including many new sections and 8 new, in-depth labs. Available online & in VA in October
memoryanalysis.net/courses-malw...
memoryanalysis.net/courses-malw...
Reposted by Andrew Case
I tried to strike a balance in this story between the dangers I was hearing about AI-assisted and "vibe coded" software and the hard, cold reality that there's probs no going back and this is going to be (if it isn't already) the "new normal" for huge chunks of software development.
Check it out!
Check it out!
Vibe coding is here to stay. Can it ever be secure? Research shows that AI-generated code is remarkably insecure. Yet experts tell CyberScoop it's up to industry to figure out a way to limit the issues the technology introduces. via @derekbjohnson.bsky.social cyberscoop.com/vibe-coding-...
Vibe coding is here to stay. Can it ever be secure?
Multiple studies show that AI-generated code is remarkably insecure. Yet experts tell CyberScoop it's up to industry to figure out a way to limit the issues the technology introduces.
cyberscoop.com
June 4, 2025 at 9:32 PM
I tried to strike a balance in this story between the dangers I was hearing about AI-assisted and "vibe coded" software and the hard, cold reality that there's probs no going back and this is going to be (if it isn't already) the "new normal" for huge chunks of software development.
Check it out!
Check it out!
Reposted by Andrew Case
I will be showing off Volatility 3 during my talk on Wednesday afternoon at RVASec. Be sure to attend and come say hello if you will be around!
rvasec.com/rvasec-14-sp...
rvasec.com/rvasec-14-sp...
RVAsec 14 Speaker Feature: Andrew Case - RVAsec
Andrew Case is the Director of Research at Volexity and has significant experience in incident response handling, digital forensics, and malware analysis. Case is a core developer of Volatility, the m...
rvasec.com
May 19, 2025 at 5:06 PM
I will be showing off Volatility 3 during my talk on Wednesday afternoon at RVASec. Be sure to attend and come say hello if you will be around!
rvasec.com/rvasec-14-sp...
rvasec.com/rvasec-14-sp...
I will be showing off Volatility 3 during my talk on Wednesday afternoon at RVASec. Be sure to attend and come say hello if you will be around!
rvasec.com/rvasec-14-sp...
rvasec.com/rvasec-14-sp...
RVAsec 14 Speaker Feature: Andrew Case - RVAsec
Andrew Case is the Director of Research at Volexity and has significant experience in incident response handling, digital forensics, and malware analysis. Case is a core developer of Volatility, the m...
rvasec.com
May 19, 2025 at 5:06 PM
I will be showing off Volatility 3 during my talk on Wednesday afternoon at RVASec. Be sure to attend and come say hello if you will be around!
rvasec.com/rvasec-14-sp...
rvasec.com/rvasec-14-sp...