BJJ Blackbelt, Memory 4N6 nerd, malwareRE noob, poorly rated chess player.

Joined May 2014
Aaron Sparling retweeted
Quick post about a stealer masquerading as DocuSign shared by @malwrhunterteam: 6d979466596978ffcb633a0b8c47adedd0778555c0e513fc3d3c84bcef6f036b (macho - 6 VT hits) and uses simple XOR for strings. 🧵
Aaron Sparling retweeted
Security leaders are often trapped in endless assessments and opinion-giving without driving actual change. Staying busy with spreadsheets, dashboards, and emails doesn't move the organization forward. Here's how we can break out of the "Chief Opinion Officer" mode: zeltser.com/chief-opinion-of…
Aaron Sparling retweeted
My new site for learning macOS malware reverse engineering: l0psec.github.io/Malware_RE_… I got my start in RE by using @patrickwardle's awesome blog. I would download samples and follow along. So I created this to complement that with dives into specific code from recent samples.
Aaron Sparling retweeted
We're looking for a Principal Threat Intel Incident Commander here at @HuntressLabs ! Do you love to: 🔍 Conduct #DFIR analysis? 👀 Track threat actors? 🕸️ Work with others across different departments? ✍️ Write about your findings? 👩‍💼 Present your work? 👇
Aaron Sparling retweeted
We've uploaded our stream from last Thursday where we analyzed the Avalon Linux bot with IDA Pro. Throughout this stream we reversed its persistence, C2 functionality, encryption and command dispatcher. Enjoy!
Aaron Sparling retweeted
I'm happy to announce this new release.
Jan 28
REMnux based on Ubuntu 24.04 (Noble) is available now, along with a new, more resilient installer. Available as prebuilt VMs for VMware, Proxmox and VirtualBox, as well as a Docker container. Get your malware analysis toolkit from REMnux.org.
Aaron Sparling retweeted
.@volatility New Release: #volatility3 v2.27.0 - visit github.com/volatilityfoundat… for details and downloads. #memoryforensics #dfir
Aaron Sparling retweeted
the recording of my talk on the Black Hat show floor is up on yout00b :) youtu.be/whhOYRWd_rs
Aaron Sparling retweeted
For those who missed it, our founder Joshua Reynolds featured the Binja Lattice MCP server on Prompt||GTFO here: youtube.com/watch?v=tNd_j0iG… where he highlighted reverse engineering malware with AI!
Aaron Sparling retweeted
Just posted my @defcon slides (talk #2): "Binary Facades" Mac malware may be compiled Mach-Os but can contain embedded scripts. Learn to spot these 'faux' binaries and the techniques to extract their scripts ...skipping the disassembler entirely! 🍎🐛 speakerdeck.com/patrickwardl…
Aaron Sparling retweeted
Now at #DFIRSummit: Aaron Sparling @OSINTlabworks @Walmarttech walks through forensic techniques for analyzing #TAILs—an OS built for anonymity. From RAM imaging to artifact recovery, this session tackles how to investigate what’s designed to disappear. #MemoryForensics #DFIR
Aaron Sparling retweeted
23 May 2025
We are excited to announce FTSCon 2025 on October 20, 2025, in Arlington VA! Registration is now OPEN and we have a Call for Speakers. Following FTSCon will be a 4-day Malware & Memory Forensics Training course with Volatility 3. See the full details here: volatilityfoundation.org/ann…
Aaron Sparling retweeted
16 May 2025
We are very excited to announce that Volatility 3 has reached parity with Volatility 2! With this achievement, Volatility 2 is now deprecated. See the full details in our blog post: volatilityfoundation.org/ann…
Aaron Sparling retweeted
16 May 2025
We are VERY excited to announce that Volatility 3 has now reached feature parity with Volatility 2! With this parity release, Volatility 2 is now deprecated. Full details in the blog post linked below.
16 May 2025
We are very excited to announce that Volatility 3 has reached parity with Volatility 2! With this achievement, Volatility 2 is now deprecated. See the full details in our blog post: volatilityfoundation.org/ann…
Aaron Sparling retweeted
24 Apr 2025
You asked, we delivered: Binary Ninja 5.0 brings major iOS reversing upgrades! DYLD Shared Cache is now a first-class feature, with up to 18x faster performance and way smarter analysis across the board. binary.ninja/2025/04/23/5.0-…
RT @Cellebrite: .@HeatherMahalik is back with another #TipTuesday - answering a topic that came up during our #C2CUserSummit. Understandin…
Aaron Sparling retweeted
19 Mar 2025
I will be speaking on @volatility 3 next Saturday at @BsidesSD! Let me know if you will be around.
3 Mar 2025
On March 29th, I will be speaking at @BsidesSD on @volatility 3, including all its new features and plugins. Be sure to attend to catch a sneak peek at the new framework before the major release later this Spring!
Aaron Sparling retweeted
Are you ready? @carrier4n6 teaches endpoint triage tomorrow! Triage investigations tell you: → What happened on your system → What to prioritize during the investigation Don’t be a square. (Or, do be?) Either way, here’s how to register: attendee.gotowebinar.com/reg…