Extracting FileVault 2 Keys with Volatility

This is a Volatility plugin which can recover FileVault 2 Volume Master Keys from memory, based on a certain pattern. It has been briefly tested on OS X 10.9 – 10.11. Plugin on GitHub here [https://github.com/tribalchicken/volatility-filevault2]. This is a Volatility Framework [http://volatilityfoundation.org] plugin which is capable of recovering the… read more

A look inside a malicious macro

An interesting sample landed in my samples database the other day. It's an email with a Word document attached. The email, as usual, claims that this company has found discrepancies in some transactions and needs you to read the document to verify these transactions. [https://tribalchicken.net/content/images/2015/02/Screen-Shot-2015-02-11-at-9.30.19-pm.… read more