Using Volatility to Detect the 0-day Blacksheep with no Signatures
A team of researchers from the University of California at Santa Barbara demonstrated how Volatility could be used to monitor for indicators of compromise across an enterprise without signatures:
“Blacksheep functions by detecting anomalous memory dumps collected from a group of machines instead of looking for specific signatures of infection; it does not require the use of signatures. As such, it is well-built to handle previously-unseen malware threats.”
It’s great to see that Volatility continues to be the basis of research published at the nation’s top information security conferences. It’s exciting to think that the same industry-leading framework that is used daily by digital forensics practitioners is also being used for cutting-edge research by some of the nation’s top security academics. Shoutz to the UCSB team!