Update:
Our Velociraptor plugin `Windows.Memory.Mem2Disk` can detect RAM injections and fileless malware.
We tested it against (among others) the C2 frameworks Sliver, Havoc and Mythic. All three were detected.
It was recently featured in a blog post by Mike Cohen:
https://docs.velociraptor.app/blog/2025/2025-11-15-memory-analysis-pt1
Stay tuned for memory analysis with velo part 2!
#C2 #detection #memoryforensics #velociraptor #DFIR #cybersecurity #infosec #pwr2