Andrew Case's Avatar

Andrew Case

@attrc.bsky.social

Volatility Core developer, Dir. of Research Volexity, LSU Cyber

6,178 Followers  |  1,130 Following  |  31 Posts  |  Joined: 22.10.2024  |  1.7552

Latest posts by attrc.bsky.social on Bluesky

Preview
Dangerous Invitations: Russian Threat Actor Spoofs European Security Events in Targeted Phishing Attacks In early 2025, Volexity published two blog posts detailing a new trend among Russian threat actors targeting organizations through the abuse of Microsoft 365 OAuth and Device Code authentication workf...

@volexity.com tracks a variety of threat actors abusing Device Code & OAuth authentication workflows to phish credentials, which continue to see success due to creative social engineering. Our latest blog post details Russian threat actor UTA0355’s campaigns impersonating European security events.

04.12.2025 18:36 β€” πŸ‘ 10    πŸ” 8    πŸ’¬ 0    πŸ“Œ 0

@volexity.com has continued to see nation-state threat actors use AI + LLMs to assist in cyber attacks. Our recent research on a Chinese APT threat actor (UTA0388) using AI in its operation was something @stevenadair.bsky.social recently discussed with the @wsj.com.

14.11.2025 16:28 β€” πŸ‘ 4    πŸ” 4    πŸ’¬ 1    πŸ“Œ 0
Post image Post image Post image Post image

We had a great day yesterday at #FTSCon 2025! FTSCon Week continues with @joegrand.bsky.social's Hardware Hacking Basics + #Volatility Malware & Memory Forensics training with @attrc.bsky.social, Michael Ligh + Dave Lassalle.

21.10.2025 13:37 β€” πŸ‘ 3    πŸ” 5    πŸ’¬ 0    πŸ“Œ 0
Post image

We would like to thank @volexity.com for sponsoring the #FTSCon 2025 Evening Reception, which will be at VUE Rooftop DC this year! If you haven’t registered for FTSCon yet, there’s still time! Registration closes Sunday Oct 12; learn more + register here: volatilityfoundation.org/from-the-sou...

07.10.2025 16:47 β€” πŸ‘ 3    πŸ” 4    πŸ’¬ 0    πŸ“Œ 0
Preview
From The Source 2025 Learn Directly from the World’s Leading Digital Investigators: On Monday, October 20, 2025, the Volatility Foundation is hosting From The Source, a one-day summit, in Arlington, VA, followed by fou…

The full lineup for our From the Source event is out! The event take places on October 20th in Arlington, VA. Joe Grand will keynote followed by an amazing speaker line up across two tracks. All proceeds will be donated to Connect Our Kids. volatilityfoundation.org/from-the-sou...

06.10.2025 15:49 β€” πŸ‘ 3    πŸ” 3    πŸ’¬ 0    πŸ“Œ 0

With Volcano, security teams can automate the entire workflow of acquisition of memory and select files to deep analysis to automated alerts that directly point to signs of memory only malware and attacker activity throughout RAM and key artifacts sources from disk.

03.10.2025 17:05 β€” πŸ‘ 4    πŸ” 2    πŸ’¬ 0    πŸ“Œ 0
Post image

#FTSCon Speaker Spotlight: Joe FitzPatrick (@securelyfitz.bsky.social) is presenting β€œRethinking DMA Attacks with Erebus” in the MAKER track.

See the full list of speakers + event info, including how to register, here: volatilityfoundation.org/from-the-sou...

19.09.2025 13:23 β€” πŸ‘ 1    πŸ” 5    πŸ’¬ 0    πŸ“Œ 0
Post image

#FTSCon Speaker Spotlight: Andrew Case (@attrc.bsky.social) is presenting β€œDetection and Analysis of Memory-Only Linux Rootkits” in the MAKER track.

See the full list of speakers + event info, including how to register, here: volatilityfoundation.org/from-the-sou...

18.09.2025 21:34 β€” πŸ‘ 2    πŸ” 4    πŸ’¬ 0    πŸ“Œ 0
Event Schedule BSides NYC is an Information / Security conference that’s different. We’re a 100% volunteer organized event put on by and for the community, and we truly strive to keep information free.

I am very happy to announce that @volexity.com will be well represented at @bsidesnyc.org! David McDonald will be speaking on his latest automated Powershell Deobfuscation research & I will present the latest Volatility 3 advancements against sophisticated Windows malware:

bsidesnyc.org/schedule/

08.09.2025 15:19 β€” πŸ‘ 3    πŸ” 4    πŸ’¬ 1    πŸ“Œ 0
Preview
Malware and Memory Forensics Training - Memory Analysis Malware and memory forensics training courses offered by the Memory Analysis Team.

The next in-person offering of our Malware and Memory Forensics Training will be held in Arlington, VA from Oct 21st-24th. This course has converted to Volatility 3, and all the material and labs are updated to cover the latest threats & analysis techniques

memoryanalysis.net/courses-malw...

03.09.2025 17:11 β€” πŸ‘ 7    πŸ” 6    πŸ’¬ 0    πŸ“Œ 0
Preview
Malware and Memory Forensics Training - Memory Analysis Malware and memory forensics training courses offered by the Memory Analysis Team.

The next in-person offering of our Malware and Memory Forensics Training will be held in Arlington, VA from Oct 21st-24th. This course has converted to Volatility 3, and all the material and labs are updated to cover the latest threats & analysis techniques

memoryanalysis.net/courses-malw...

03.09.2025 17:11 β€” πŸ‘ 7    πŸ” 6    πŸ’¬ 0    πŸ“Œ 0
Preview
Announcing the Official Parity Release of Volatility 3! Visit the post for more.

We have converted the online course fully to Volatility 3 while also adding a significant amount of new materials and labs. Please see our blog post announcing this:

volatilityfoundation.org/announcing-t...

03.09.2025 15:40 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

At @bsidesorl.bsky.social, David McDonald and I will be delivering a hands-on workshop on using @volatilityfoundation.org 3 to detect sophisticated, memory-only malware as seen in the wild. Sign up ASAP before it fills!

02.09.2025 14:50 β€” πŸ‘ 7    πŸ” 5    πŸ’¬ 1    πŸ“Œ 0
Preview
CYBERWARCON

CYBERWARCON is coming!!! Registration and CFP are now open for this year's #CYBERWARCON! This year's keynote speaker will be @dmitri.silverado.org!!
We are back in Arlington, VA this year on November 19th.

www.cyberwarcon.com

28.08.2025 17:35 β€” πŸ‘ 29    πŸ” 22    πŸ’¬ 1    πŸ“Œ 9
Preview
Talks - BSides Las Vegas BSides Las Vegas is a nonprofit organization formed to stimulate the Information Security industry and community.

If you will be at @bsideslv.org on Monday, then be sure to check out David's talk on automated detection and de-obfuscation of malicious Powershell scripts!

bsideslv.org/talks#LBQDEB

03.08.2025 18:52 β€” πŸ‘ 7    πŸ” 3    πŸ’¬ 1    πŸ“Œ 0

This training course will be led by Andrew Case @attrc.bsky.social, Michael Ligh & Dave Lassalle. This is a great opportunity to gain valuable knowledge about #Volatility3 + learn all about #memoryforensics from Volatility core developers! Seats are filling up quickly so don't wait!

09.07.2025 20:54 β€” πŸ‘ 6    πŸ” 8    πŸ’¬ 0    πŸ“Œ 0
Post image

I am *very* excited to announce that the workshop I submitted to @defcon.bsky.social along with @lsu.bsky.social PhD students, Lauren Pace and Daniel Donze, was accepted!!! We will teach you how to automatically detect and analyze the sophisticated, memory-only malware techniques used in the wild.

17.06.2025 14:06 β€” πŸ‘ 38    πŸ” 11    πŸ’¬ 1    πŸ“Œ 0
Agenda - HOU.SEC.CON. 2025

I am excited to announce that I will be speaking at
@hou-sec-con.bsky.social at the end of September in Houston! Be sure to check out my talk on Tuesday morning and my friend @mayahustle.bsky.social's talk on Wednesday afternoon. Full agenda at the following link:

web.cvent.com/event/9ba9c5...

02.07.2025 14:09 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 0    πŸ“Œ 1

Super excited to help @attrc.bsky.social teach memory forensics at a @defcon.bsky.social workshop this year!

I'll also be at @bsideslv.org earlier in the week as well so if you run into me please say hi! (And I will have cool stickers)

02.07.2025 02:07 β€” πŸ‘ 1    πŸ” 1    πŸ’¬ 0    πŸ“Œ 0
Post image

#LSU cyber students will teach new ways to fight malware at the world’s largest and longest-running hacking conference @defcon.bsky.social
www.lsu.edu/blog/2025/06...
#ScholarshipFirst #WBTTW @lsu.bsky.social @lsuengineering.bsky.social @attrc.bsky.social @volexity.com @volatilityfoundation.org

30.06.2025 17:00 β€” πŸ‘ 3    πŸ” 3    πŸ’¬ 0    πŸ“Œ 1

With Volcano for analysis and Surge Collect Pro for acquisition, you can automatically check your critical systems for signs of malware and attacker toolkits across memory and key artifact sources from disk. Contact us if you would like to schedule a virtual demo or one in person in Vegas!

18.06.2025 21:16 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Post image

I am *very* excited to announce that the workshop I submitted to @defcon.bsky.social along with @lsu.bsky.social PhD students, Lauren Pace and Daniel Donze, was accepted!!! We will teach you how to automatically detect and analyze the sophisticated, memory-only malware techniques used in the wild.

17.06.2025 14:06 β€” πŸ‘ 38    πŸ” 11    πŸ’¬ 1    πŸ“Œ 0
Preview
Announcing FTSCon 2025 & In-person Malware and Memory Forensics Training! Mark your calendars for Monday, October 20, 2025! We will again be hosting FTSCon in Arlington, Virginia.You can read more event details here. Registration is now open!

The CFP for our 2nd annual From the Source event is now open! The event includes two tracks, the first for Makers of open source DFIR tools and the second for Hunters who have performed the most interesting investigations of the last year.

volatilityfoundation.org/announcing-f...

13.06.2025 17:48 β€” πŸ‘ 2    πŸ” 3    πŸ’¬ 0    πŸ“Œ 0
Preview
Malware and Memory Forensics Training - Memory Analysis Malware and memory forensics training courses offered by the Memory Analysis Team.

Our highly popular and technical training, "Malware and Memory Forensics with Volatility", has been fully converted to @volatilityfoundation.org 3 and significantly updated, including many new sections and 8 new, in-depth labs. Available online & in VA in October

memoryanalysis.net/courses-malw...

11.06.2025 16:36 β€” πŸ‘ 7    πŸ” 4    πŸ’¬ 0    πŸ“Œ 1

I tried to strike a balance in this story between the dangers I was hearing about AI-assisted and "vibe coded" software and the hard, cold reality that there's probs no going back and this is going to be (if it isn't already) the "new normal" for huge chunks of software development.

Check it out!

04.06.2025 21:32 β€” πŸ‘ 12    πŸ” 7    πŸ’¬ 1    πŸ“Œ 0
Preview
RVAsec 14 Speaker Feature: Andrew Case - RVAsec Andrew Case is the Director of Research at Volexity and has significant experience in incident response handling, digital forensics, and malware analysis. Case is a core developer of Volatility, the m...

I will be showing off Volatility 3 during my talk on Wednesday afternoon at RVASec. Be sure to attend and come say hello if you will be around!

rvasec.com/rvasec-14-sp...

19.05.2025 17:06 β€” πŸ‘ 9    πŸ” 7    πŸ’¬ 0    πŸ“Œ 0
Preview
RVAsec 14 Speaker Feature: Andrew Case - RVAsec Andrew Case is the Director of Research at Volexity and has significant experience in incident response handling, digital forensics, and malware analysis. Case is a core developer of Volatility, the m...

I will be showing off Volatility 3 during my talk on Wednesday afternoon at RVASec. Be sure to attend and come say hello if you will be around!

rvasec.com/rvasec-14-sp...

19.05.2025 17:06 β€” πŸ‘ 9    πŸ” 7    πŸ’¬ 0    πŸ“Œ 0

We are VERY excited to announce that Volatility 3 has now reached feature parity with Volatility 2! With this parity release, Volatility 2 is now deprecated. Full details in the blog post linked below.

16.05.2025 15:08 β€” πŸ‘ 20    πŸ” 11    πŸ’¬ 0    πŸ“Œ 0

Check out this great research and new open source tool by our threat intel team!

01.04.2025 21:30 β€” πŸ‘ 13    πŸ” 7    πŸ’¬ 0    πŸ“Œ 1

I will be speaking at @kernelcon.bsky.social on Fri, Apr 3rd. The talk will cover previously-unreported features of the sedexp Linux malware found in the wild - including loading of a memory-only rootkit! Talk will cover how the rootkit was discovered & how to analyze with @volatilityfoundation.org

07.03.2025 18:47 β€” πŸ‘ 12    πŸ” 9    πŸ’¬ 0    πŸ“Œ 0

@attrc is following 19 prominent accounts