Three Buddy Problem

Volexity’s Steven Adair on Russian Wi-Fi hacks, memory forensics, appliance 0days and network inspectability

Nov 30, 2024
Steven Adair, the founder of Volexity and a cybersecurity expert, shares insights on crucial topics in the field. He discusses innovative approaches to memory forensics, emphasizing their importance in incident response. The conversation dives into Volexity's discoveries regarding Wi-Fi hacks and the complexities of EDR systems. Adair also addresses the rise of professional ransomware attacks, highlighting a recent Firefox zero-day and the emergence of a Linux bootkit. His expertise sheds light on significant vulnerabilities and the urgent need for robust network security.
INSIGHT

Memory Analysis Importance

  • Memory analysis is crucial for deep-dive investigations and can uncover threats missed by EDR.
  • Volexity's tools focus on acquiring and analyzing system memory across various platforms.
ADVICE

Supplement EDR

  • Organizations shouldn't solely rely on EDR for threat detection.
  • Consider memory forensics expertise and network telemetry for comprehensive security.
ANECDOTE

EDR Detection

  • Volexity detected a Wi-Fi attack using an EDR query they developed and ran.
  • The attack involved running a malicious file from the program data directory, a surprisingly obvious technique.