.@Volexity has published details from an incident response engagement in September 2025 involving multiple #BRICKSTORM variants deployed by a threat actor that Volexity tracks as VerdantBamboo. This case involved the breach of the victim organization’s MSP and multiple malware implants found on firewalls, cloud storage sync devices & NAS appliances. VerdantBamboo used a #0day privilege escalation exploit in the process and was also observed using administrative access to the victim organization's firewall to enable a custom VPN.
For more details on how the incident unfolded, the malware used by the threat actor, and the end goal of the intrusion, check out the full blog post: https://t.co/Qd0SWaLIgY
#dfir
🌄 Shoutout to our Bronze Sponsor, @Volexity — helpin’ fuel the ride and keep the momentum strong here in the Mile High City. ⚡
🔗https://t.co/3HoUB8fyBq
We couldn’t do it without you. #FIRSTCON26
Memory forensics is a required technique to detect and respond to modern malware. Come see Volcano in action at FIRST next week to learn how memory forensics can be applied at true enterprise scale.
Heading to Denver for #FIRSTCON26 next week? Stop by the @Volexity booth to see a demo of Volcano! We’ll show you how memory analysis with Volcano uncovers advanced threat actors and helps rapidly resolve your investigations.
Come find us at Booth 7 to talk threat hunting and triage workflows with our team, including @stevenadair & @attrc!
@FIRSTdotOrg #DFIR #FIRSTCON
Check out our blog on an activity we worked related to VerdantBamboo -- aka the TA that is known for wreaking havoc on edge devices and deploying BRICKSTORM. We found BRICKSTORM for BS on a pfSense firewall, new malware families, use of a 0day privesc, and custom VPN networks!
Our new blog post details our investigation into how a compromised MSP led to at least one of its customers being compromised, including deployment of the BRICKSTORM malware on multiple edge devices.
We are excited to welcome our 2026 #summerinternship students from @ND_CSE, @umdcs & @MAGEUMD! Over the next few months, they will be working alongside our engineering and threat intelligence teams on core software development and #memoryforensics research.
Learn more about our program and future opportunities: https://t.co/iohxI8OQJV
#dfir
The latest @DarknetDiaries (Ep. 174: Pacific Rim) offers a look at state-sponsored groups targeting perimeter infrastructure & edge devices. Thanks @JackRhysider for mentioning our work!
@Volexity’s detection and response efforts combined network visibility, host-based analysis, #threatintelligence & #memoryforensics, enabling us to discover these complex #0days being exploited in the wild.
Read our blog post for the original research mentioned: https://t.co/CD8eiXiriT
Ep 174 "Pacific Rim" is now live! 🔊
Sophos got attacked by a nation state actor. How they handled it is controversial. Curious what you would have done.
https://t.co/nuV2HYyEAu
.@Volexity Volcano Server & Volcano One v26.04.27 adds memory analysis for arm64 Windows, memory-only .NET assemblies, SRUM database, Linux systemd units, history & timers from RAM.
This release also adds detection of AppleScript usage, cleared Windows event logs, AV scanning of files & deployments across AWS accounts.
Contact us for more information: https://t.co/hKxUckBWL7
#memoryforensics #memoryanalysis #dfir
I am excited to announce that I will be speaking at @bsidesnash on May 15th. Be sure to attend to see all the latest @volatility 3 plugins against the most sophisticated and devastating malware from the wild!
Memory-only malware leaves no trace on the file system & is commonly used by threat actors ranging from criminal organizations to ransomware operators to APTs. In our @volatility 3 training, students gain deep hands on experience analyzing such threats:
https://t.co/kihCRhwaov
We have announced the winners of the 2025 @volatility#PluginContest! And the First Place is:
Daniel Baier for XFRM Inspector
Read the full Contest Results in our blog post:
https://t.co/D5lwMbOJV0
Congrats to all winners & thank you to all participants!
#DFIR#memoryforensics
Follow the GoResolver GitHub repo for future updates: https://t.co/vW6Xua87Y3
Special thanks to Killian Raimbaud for these updates & Ivan Maldenov for his work on the type recovery feature during his @Volexity internship. [8/8]
.@Volexity recently released GoResolver v1.4, bringing significant updates to our #opensource tool for recovering symbol data from obfuscated Go binaries. This release is available on GitHub: https://t.co/vW6Xua87Y3 [1/8]
Existing report files remain fully compatible with GoResolver v1.4. Previously generated JSON reports can still be imported using the latest plugin versions; there is no need to re-analyze old samples. [7/8]