The Volatility Foundation is an independent 501(c) (3) non-profit organization that maintains and promotes open source memory forensics with The Volatility Framework. They hold a contest. The volatility plugin contest is a chance to win money, shwag, and admiration of colleagues, giving back to the community. This contest is conducted since 2013 every year to talented analysts should be limited only by their creativity is not the tools that they use. This contest aims to inspire people to showcase their creativity.
There are many new and exciting features that are available for law enforcement, DF / IR-practitioners, analysts, malware, and researchers around the world, which can immediately be converted into their workflows according to the results in 2016. As a result of judging the seats were distributed as follows:
1. The first place and a cash prize of $ 1,800 USD is awarded Monnappa for Hollow Process Detection and Analysis. Monnappa’s hollowfind is a Volatility plugin to detect different types of process hollowing techniques used in the wild to bypass, confuse, deflect and divert forensic analysis techniques. The plugin detects such attacks by finding discrepancies in the VAD, PEB, and other OS meta-data structures.
2. 2nd place and $ 800 the is for Kevin Breen VolUtility and LastPass Credential Recovery.
3. 3rd place and $ 450 goes Dima Pshoul for Advanced Malware Hunter’s Kit. Dima designed several creative ways to detect memory-only injected code, which is one of the major reasons why analysts rely on memory forensics.
4. 4th place and $ 100 goes to Mariano Graziano ROP Payload Analysis and Linux Kernel Symbol Finder.
5. 5th place and $ 100 was divided between the following members:
• Bart Inglot for RDP Key Extraction and Replay.
• Thomas White for Mac FileVault2 and Microsoft Bitlocker Key Extraction.
Some of the participants taking part in this competition is not the first time. The competition is sometimes very cruel, but everyone is a winner in this contest..
More.