AAron Walters
@4tphi.bsky.social
CEO/Founder @ volexity.com
Core Dev/Founder @ volatilityfoundation.org
Core Dev/Founder @ volatilityfoundation.org
Reposted by AAron Walters
Check out our recent blog post for more details on how UTA0388 used AI + LLMs in their operations: www.volexity.com/blog/2025/10...
APT Meets GPT: Targeted Operations with Untamed LLMs
Starting in June 2025, Volexity detected a series of spear phishing campaigns targeting several customers and their users in North America, Asia, and Europe. The initially observed campaigns were tail...
www.volexity.com
November 14, 2025 at 4:28 PM
Check out our recent blog post for more details on how UTA0388 used AI + LLMs in their operations: www.volexity.com/blog/2025/10...
Reposted by AAron Walters
@volexity.com has continued to see nation-state threat actors use AI + LLMs to assist in cyber attacks. Our recent research on a Chinese APT threat actor (UTA0388) using AI in its operation was something @stevenadair.bsky.social recently discussed with the @wsj.com.
Exclusive: China’s state-sponsored hackers used Anthropic’s AI model to automate break-ins of major corporations and foreign governments.
Chinese Hackers Used Anthropic’s AI to Automate Cyberattacks
The use of AI automation in hacks is a growing trend that gives hackers additional scale and speed
on.wsj.com
November 14, 2025 at 4:28 PM
@volexity.com has continued to see nation-state threat actors use AI + LLMs to assist in cyber attacks. Our recent research on a Chinese APT threat actor (UTA0388) using AI in its operation was something @stevenadair.bsky.social recently discussed with the @wsj.com.
Reposted by AAron Walters
I had a great experience at #FTSCon on Monday. Both the speakers and the audience are such high caliber that an interesting discussion can be had at any point during the day. The information presented is useful for folks in any technical aspect of cybersecurity, not just DFIR folks.
1/3
1/3
October 24, 2025 at 7:58 PM
I had a great experience at #FTSCon on Monday. Both the speakers and the audience are such high caliber that an interesting discussion can be had at any point during the day. The information presented is useful for folks in any technical aspect of cybersecurity, not just DFIR folks.
1/3
1/3
Reposted by AAron Walters
Exclusive: China’s state-sponsored hackers used Anthropic’s AI model to automate break-ins of major corporations and foreign governments.
Chinese Hackers Used Anthropic’s AI to Automate Cyberattacks
The use of AI automation in hacks is a growing trend that gives hackers additional scale and speed
on.wsj.com
November 13, 2025 at 5:07 PM
Exclusive: China’s state-sponsored hackers used Anthropic’s AI model to automate break-ins of major corporations and foreign governments.
Reposted by AAron Walters
The 13th annual @volatility #PluginContest is OPEN for submissions until 31 Dec 2025!
This contest is designed to encourage research & development in the field of #memoryanalysis. Every year, contributions from all around the world continue to help build the next generation of #memoryforensics.
This contest is designed to encourage research & development in the field of #memoryanalysis. Every year, contributions from all around the world continue to help build the next generation of #memoryforensics.
The 13th Annual Volatility Plugin Contest is Open!
We are excited to announce that the Volatility Plugin Contest is officially open for submissions! The annual Plugin Contest is your opportunity to: Directly contribute to the open source forensics …
volatilityfoundation.org
October 29, 2025 at 3:37 PM
The 13th annual @volatility #PluginContest is OPEN for submissions until 31 Dec 2025!
This contest is designed to encourage research & development in the field of #memoryanalysis. Every year, contributions from all around the world continue to help build the next generation of #memoryforensics.
This contest is designed to encourage research & development in the field of #memoryanalysis. Every year, contributions from all around the world continue to help build the next generation of #memoryforensics.
Reposted by AAron Walters
Not me with a big smile every time I get to talk about the @volatilityfoundation.org team in classes. They are so nice and so cool.
October 30, 2025 at 8:42 AM
Not me with a big smile every time I get to talk about the @volatilityfoundation.org team in classes. They are so nice and so cool.
Reposted by AAron Walters
We had a great day yesterday at #FTSCon 2025! FTSCon Week continues with @joegrand.bsky.social's Hardware Hacking Basics + #Volatility Malware & Memory Forensics training with @attrc.bsky.social, Michael Ligh + Dave Lassalle.
October 21, 2025 at 1:37 PM
We had a great day yesterday at #FTSCon 2025! FTSCon Week continues with @joegrand.bsky.social's Hardware Hacking Basics + #Volatility Malware & Memory Forensics training with @attrc.bsky.social, Michael Ligh + Dave Lassalle.
Reposted by AAron Walters
Coming up the week of October 20th: #FTSCon + TWO in-person #training opportunities!
Learn more here: volatilityfoundation.org/from-the-sou...
#dfir #memoryforensics #hardwarehacking
Learn more here: volatilityfoundation.org/from-the-sou...
#dfir #memoryforensics #hardwarehacking
September 29, 2025 at 5:16 PM
Coming up the week of October 20th: #FTSCon + TWO in-person #training opportunities!
Learn more here: volatilityfoundation.org/from-the-sou...
#dfir #memoryforensics #hardwarehacking
Learn more here: volatilityfoundation.org/from-the-sou...
#dfir #memoryforensics #hardwarehacking
Reposted by AAron Walters
@volexity.com Volcano Server & Volcano One v25.09.21 adds memory analysis support for ARM64 Linux, macOS 26 (Tahoe) & Windows 25H2, plus 75+ new YARA rules, 10+ new IOCs, analysis of udev rules & rolling upgrades for managed endpoints.
For more information, contact us: volexity.com/company/cont...
For more information, contact us: volexity.com/company/cont...
October 1, 2025 at 6:06 PM
@volexity.com Volcano Server & Volcano One v25.09.21 adds memory analysis support for ARM64 Linux, macOS 26 (Tahoe) & Windows 25H2, plus 75+ new YARA rules, 10+ new IOCs, analysis of udev rules & rolling upgrades for managed endpoints.
For more information, contact us: volexity.com/company/cont...
For more information, contact us: volexity.com/company/cont...
Reposted by AAron Walters
New Release: #volatility3 v2.26.2 - visit github.com/volatilityfo... for details and downloads.
#memoryforensics #dfir
#memoryforensics #dfir
September 29, 2025 at 10:19 PM
New Release: #volatility3 v2.26.2 - visit github.com/volatilityfo... for details and downloads.
#memoryforensics #dfir
#memoryforensics #dfir
Reposted by AAron Walters
At @bsidesorl.bsky.social, David McDonald and I will be delivering a hands-on workshop on using @volatilityfoundation.org 3 to detect sophisticated, memory-only malware as seen in the wild. Sign up ASAP before it fills!
🧰Workshop: Defeating Modern Malware by Andrew Case
Learn hands-on memory forensics w/ Volatility 3 to detect & triage advanced malware used by APT & ransomware groups.
https://bsorl.org/workshops
Learn hands-on memory forensics w/ Volatility 3 to detect & triage advanced malware used by APT & ransomware groups.
https://bsorl.org/workshops
September 2, 2025 at 2:50 PM
At @bsidesorl.bsky.social, David McDonald and I will be delivering a hands-on workshop on using @volatilityfoundation.org 3 to detect sophisticated, memory-only malware as seen in the wild. Sign up ASAP before it fills!
Reposted by AAron Walters
The next in-person offering of our Malware and Memory Forensics Training will be held in Arlington, VA from Oct 21st-24th. This course has converted to Volatility 3, and all the material and labs are updated to cover the latest threats & analysis techniques
memoryanalysis.net/courses-malw...
memoryanalysis.net/courses-malw...
Malware and Memory Forensics Training - Memory Analysis
Malware and memory forensics training courses offered by the Memory Analysis Team.
memoryanalysis.net
September 3, 2025 at 5:11 PM
The next in-person offering of our Malware and Memory Forensics Training will be held in Arlington, VA from Oct 21st-24th. This course has converted to Volatility 3, and all the material and labs are updated to cover the latest threats & analysis techniques
memoryanalysis.net/courses-malw...
memoryanalysis.net/courses-malw...
Reposted by AAron Walters
@volexity.com has released updates to its #opensource GoResolver project and more! This work was part of a project for one of our #summerinternship students. Read more details about Volexity’s updated GoResolver projects + other #golang tools in our special blog post!
Go Get 'Em: Updates to Volexity Golang Tooling
Volexity’s GoResolver tool was released in April 2025 to help with analysis of these samples, reducing analyst load when working with obfuscated Golang binaries. However, there are still some difficul...
www.volexity.com
August 11, 2025 at 7:05 PM
@volexity.com has released updates to its #opensource GoResolver project and more! This work was part of a project for one of our #summerinternship students. Read more details about Volexity’s updated GoResolver projects + other #golang tools in our special blog post!
Reposted by AAron Walters
We are proud to contribute to the open source community + work alongside students in our annual #internship program! If you would like to learn more about internships at Volexity, check out our program details here: www.volexity.com/internships/
Internships
A Volexity internship is an excellent way to build your resume. Apply your knowledge & expertise to some of the most challenging cybersecurity problems.
www.volexity.com
August 11, 2025 at 7:05 PM
We are proud to contribute to the open source community + work alongside students in our annual #internship program! If you would like to learn more about internships at Volexity, check out our program details here: www.volexity.com/internships/
Reposted by AAron Walters
The 13th annual @volatilityfoundation.org #PluginContest is now OPEN! This is a meaningful way to contribute to open source forensics & gain community-wide visibility for your work. And, as always, winners get cash prizes!
Submission Deadline: 31 December 2025
#dfir #memoryforensics
Submission Deadline: 31 December 2025
#dfir #memoryforensics
The 13th Annual Volatility Plugin Contest is Open!
We are excited to announce that the Volatility Plugin Contest is officially open for submissions! The annual Plugin Contest is your opportunity to: Directly contribute to the open source forensics …
volatilityfoundation.org
July 24, 2025 at 6:59 PM
The 13th annual @volatilityfoundation.org #PluginContest is now OPEN! This is a meaningful way to contribute to open source forensics & gain community-wide visibility for your work. And, as always, winners get cash prizes!
Submission Deadline: 31 December 2025
#dfir #memoryforensics
Submission Deadline: 31 December 2025
#dfir #memoryforensics
Reposted by AAron Walters
The next in-person Malware & Memory Forensics Training will be in Arlington VA, October 21–24, 2025! This is the only #memoryforensics course taught directly by the Volatility developers. Course registration includes a pass to #FTSCon!
Course details: memoryanalysis.net/courses-malw...
Course details: memoryanalysis.net/courses-malw...
July 9, 2025 at 7:18 PM
The next in-person Malware & Memory Forensics Training will be in Arlington VA, October 21–24, 2025! This is the only #memoryforensics course taught directly by the Volatility developers. Course registration includes a pass to #FTSCon!
Course details: memoryanalysis.net/courses-malw...
Course details: memoryanalysis.net/courses-malw...
Reposted by AAron Walters
This training course will be led by Andrew Case @attrc.bsky.social, Michael Ligh & Dave Lassalle. This is a great opportunity to gain valuable knowledge about #Volatility3 + learn all about #memoryforensics from Volatility core developers! Seats are filling up quickly so don't wait!
The next in-person Malware & Memory Forensics Training will be in Arlington VA, October 21–24, 2025! This is the only #memoryforensics course taught directly by the Volatility developers. Course registration includes a pass to #FTSCon!
Course details: memoryanalysis.net/courses-malw...
Course details: memoryanalysis.net/courses-malw...
July 9, 2025 at 8:54 PM
This training course will be led by Andrew Case @attrc.bsky.social, Michael Ligh & Dave Lassalle. This is a great opportunity to gain valuable knowledge about #Volatility3 + learn all about #memoryforensics from Volatility core developers! Seats are filling up quickly so don't wait!
Reposted by AAron Walters
@volexity.com researchers will be presenting at THREE conferences in Las Vegas this August! Here’s where you can hear about some of our latest research in #memoryforensics and automated malicious script detection and de-obfuscation:
[1/5]
[1/5]
July 10, 2025 at 4:53 PM
@volexity.com researchers will be presenting at THREE conferences in Las Vegas this August! Here’s where you can hear about some of our latest research in #memoryforensics and automated malicious script detection and de-obfuscation:
[1/5]
[1/5]
Reposted by AAron Walters
Monday, August 4: Detecting, Deobfuscating, and Preventing Obfuscated Script Execution with Tree-sitter @ BSides Las Vegas (bsideslv.org/talks#LBQDEB)
[2/5]
[2/5]
Talks - BSides Las Vegas
BSides Las Vegas is a nonprofit organization formed to stimulate the Information Security industry and community.
bsideslv.org
July 10, 2025 at 4:53 PM
Monday, August 4: Detecting, Deobfuscating, and Preventing Obfuscated Script Execution with Tree-sitter @ BSides Las Vegas (bsideslv.org/talks#LBQDEB)
[2/5]
[2/5]
Reposted by AAron Walters
Wednesday, August 6: Volatility 3 @ Black Hat Arsenal (www.blackhat.com/us-25/arsena...)
[3/5]
[3/5]
Black Hat
Black Hat
www.blackhat.com
July 10, 2025 at 4:53 PM
Wednesday, August 6: Volatility 3 @ Black Hat Arsenal (www.blackhat.com/us-25/arsena...)
[3/5]
[3/5]
Reposted by AAron Walters
Friday, August 8: Effectively Detecting Modern Malware with Volatility 3 Workshop @ DEF CON 33 (defcon.org/html/defcon-...)
[4/5]
[4/5]
DEF CON® Hacking Conference - Workshops
defcon.org
July 10, 2025 at 4:53 PM
Friday, August 8: Effectively Detecting Modern Malware with Volatility 3 Workshop @ DEF CON 33 (defcon.org/html/defcon-...)
[4/5]
[4/5]
Reposted by AAron Walters
Many members of the @volexity.com team will be also in Vegas, so if you’d like to meet up with our leadership, development, engineering, services, or threat intelligence teams, please reach out or complete our contact form: www.volexity.com/contact/meet...
[5/5]
[5/5]
Schedule a Meeting with Volexity in Las Vegas
Volexity will be in Las Vegas August 5 – 7, 2025! If you would like to schedule time with members of our leadership, development, engineering, and threat intelligence teams, and learn more about our r...
www.volexity.com
July 10, 2025 at 4:53 PM
Many members of the @volexity.com team will be also in Vegas, so if you’d like to meet up with our leadership, development, engineering, services, or threat intelligence teams, please reach out or complete our contact form: www.volexity.com/contact/meet...
[5/5]
[5/5]
Reposted by AAron Walters
@Volexity.com Volcano Server & Volcano One v25.06.12 adds ~600 new YARA rules, new IOCs for fake registered antivirus & hooked Linux kernel functions, as well as support for custom post-processing bash scripts, segmented directory watching & database optimization. [1/2]
June 18, 2025 at 4:43 PM
@Volexity.com Volcano Server & Volcano One v25.06.12 adds ~600 new YARA rules, new IOCs for fake registered antivirus & hooked Linux kernel functions, as well as support for custom post-processing bash scripts, segmented directory watching & database optimization. [1/2]
Reposted by AAron Walters
I am *very* excited to announce that the workshop I submitted to @defcon.bsky.social along with @lsu.bsky.social PhD students, Lauren Pace and Daniel Donze, was accepted!!! We will teach you how to automatically detect and analyze the sophisticated, memory-only malware techniques used in the wild.
June 17, 2025 at 2:06 PM
I am *very* excited to announce that the workshop I submitted to @defcon.bsky.social along with @lsu.bsky.social PhD students, Lauren Pace and Daniel Donze, was accepted!!! We will teach you how to automatically detect and analyze the sophisticated, memory-only malware techniques used in the wild.
Reposted by AAron Walters
I will be showing off Volatility 3 during my talk on Wednesday afternoon at RVASec. Be sure to attend and come say hello if you will be around!
rvasec.com/rvasec-14-sp...
rvasec.com/rvasec-14-sp...
RVAsec 14 Speaker Feature: Andrew Case - RVAsec
Andrew Case is the Director of Research at Volexity and has significant experience in incident response handling, digital forensics, and malware analysis. Case is a core developer of Volatility, the m...
rvasec.com
May 19, 2025 at 5:06 PM
I will be showing off Volatility 3 during my talk on Wednesday afternoon at RVASec. Be sure to attend and come say hello if you will be around!
rvasec.com/rvasec-14-sp...
rvasec.com/rvasec-14-sp...