WinpMem: Volatility's driver that lets malware volatilize

Name: WinpMem: Volatility's driver that lets malware volatilize
Duration: 57 min
Description: When an organization detects a compromise, the first responder's instinct is to reach for memory forensics tools — capture a RAM dump, feed it to Volatility, and reconstruct what the attacker did. Thi

Baptiste David

REcon 2025 · Day 2 · Main Track

When an organization detects a compromise, the first responder's instinct is to reach for memory forensics tools — capture a RAM dump, feed it to Volatility, and reconstruct what the attacker did. Thi

AI review

A forensic tool trusted to investigate compromised machines has kernel write primitives — this is exactly the kind of research that makes the security industry uncomfortable, and that's the point.

Watch on YouTube