Mimikatz and Metasploit

Readers, good morning. How are you? It follows a very simple document about Mimikatz and Metasploit:


Finally, as my life is gradually returning to normal, soon I will start two series of articles (from scratch): Windows Debugging and Volatility. Stay tuned!

Have a nice day.

Alexandre Borges

(LinkedIn: http://www.linkedin.com/in/aleborges)

Volatility 2.4 Cheat Sheet and the best paper from DFRWS 2014

Hello people, how are you? Unfortunately, I am away from the blog because my crazy work, but I will be back soon. For now, it follows a simple link to the Volatility 2.4 Cheat Sheet:


Additionally, it follows the best paper from DFRWS 20014, which was written by Golden G. Richard III and Andrew Case:


I hope you are fine and have a nice day.

Alexandre Borges.

(LinkedIn: http://www.linkedin.com/in/aleborges)

Volatility – Official Training in Sao Paulo, Brazil – Complementary Information

Dear readers, good evening.

I have been talking to Michael Ligh (from Volatility team) and some new information follows:

During the course in Sao Paulo/Brazil, you will learn a massive amount of information. It follows some items (there are more than 70 topics!):

  • Volatility Internals
  • Interactive Memory Analysis with Volshell
  • Process DKOM and Cross-View
  • Analyzing a Client-Side Drive by Download
  • DLL Hijacking
  • API Hooking
  • Repairing Rootkit PE Headers for Static Analysis
  • Kernel Hooks
  • Registry in Memory
  • Anti-Forensics

The full agenda can be required sending a message to voltraining@memoryanalysis.net.

The prerequisites are listed on the following page: http://www.memoryanalysis.net/#!memory-forensics-training/c1q3n

If the attendee want to look over online evaluations about the course, it follows some links:



The course’s costs are (all USD)

  • $3800 USD for each regular attendee
  • % discounts off the regular price for groups of two or more from the same company
  • $1800 USD for full-time students in a forensics or security field

The course’s material (lessons guide, lab guide, etc.) follow in a summarized form:

  • 5 days (40 hours) of training, including lecture and hands-on labs Training book
  • Hard copy of the presentation materials Electronic lab guide with questions and answers to all hands-on exercises USB stick with Volatility logo, with memory dumps, evidence files, and malware samples
  • A pre-built VMware image running Linux configured with Volatility 2.4 Exclusive access to bleeding-edge Volatility plugins before they are released publicly Personalized course completion certificate with 40 CPE credits
  • Opportunity to enroll in the Volatility Training Alumni mailing list Discounts on industry-leading memory acquisition software such as KnTDD

More details about the course’s material can be viewed on http://www.memoryanalysis.net/#!memory-forensics-training/c1q3n

The email for payment is voltraining@memoryanalysis.net.

The Volatility team handle registrations in two ways:

  • credit cards through eventbrite.com (invites are sent privately once attendees contact us through the provided email address)
  • bank wire transfers

Additionally to official email address above, I’ve made an email account for questions about the Volatility training in Brazil: volatility_brazil@alexandreborges.org. I will try to answer the questions and I will forward messages to Volatility team when necessary some additional help.

A last and very important information: the Volatility course will be taught by Jamie Levy, Andrew Case and Michael Ligh.

I hope you like the training about the best tool for Forensic Memory Analysis of the world: Volatility.

Have a nice day.

Alexandre Borges

(LinkedIn: http://www.linkedin.com/in/aleborges)

Playing with ZFS Snapshots in Oracle Solaris 11.1

Dear friends, it follows my new article about ZFS on OTN:


I hope you like it. Have a nice day.

Alexandre Borges


Volatility – Official Training in Sao Paulo, Brazil

My friends, how are you? Finally, I can tell you a good news: next year (February, 02nd 2015), it will be available, in Sao Paulo, a training for forensic professionals about the most impressive, outstanding and incomparable forensic memory analysis tool of the world: VOLATILITY.

Michael Ligh, Jamie Levy and Andrew Case (The Volatility’s developers) are going to be in Sao Paulo for teaching a full week training (40 hours) about the Volatility. After having exchanged several messages (since March) with Michael Ligh, now everything is OK and this course is scheduled.

The official pages about the course follow below:




For now, my recommendation it’s to buy the newly published book (912 pages!) from Volatility team:


As Michael, Jamie and Andrew usually teach this course only in big events such as Black Hat, it’s a unique opportunity for learning Volatility by their developers.

Have a nice day.

Alexandre Borges.

(LinkedIn: http://www.linkedin.com/in/aleborges)

Finding modified, accessed and created files with macmatch.exe

People, good morning. How are you? Do you know how to discover what files changed between two defined dates ? Use macmatch.exe tool:


Have a nice day.

Alexandre Borges


Playing with ZFS Encryption In Oracle Solaris 11.1

Hello people, how are you? I’m a bit away from the blog because I am completely overloaded at work, but it was released my new article about ZFS on OTN (Oracle Technical Network):


Moreover, of course, you can read all published articles about ZFS so far on blog from great Rick Ramsey:


Have a nice day.

Alexandre Borges.

(LinkedIn: http://www.linkedin.com/in/aleborges)

PS: All my articles are reviewed by the excellent and outstanding Karen Perkins. Thanks, Karen. :)