Review And Summary

  • Many modern attacks are only present in memory
  • Velociraptor is able to gather volatile machine state
  • We learned about sophisticated process visibility plugins:
    • Process tokens
    • Analyzing PE files from memory
    • Dumping memory resident injected binaries