This is the homepage of Michael Ligh. I am a reverse engineer who specializes in vulnerability research, malware cryptography, and memory forensics. I'm co-founder and CTO of Volexity, a security firm based out of the Washington, D.C. area that specializes in assisting organizations with threat intelligence, incident response, forensics, and trusted security advisory. I'm also a core developer of The Volatility Framework, instructor of Windows Malware and Memory Forensics Training, and Secretary/Treasurer of The Volatility Foundation.

In the past, I've served as a Senior Security Intelligence Engineer at iDEFENSE and Director of Malware Research at Terremark. I've also served as Chief of Special Projects at MNIN Security, where I developed password recovery utilities for Microsoft and conducted large-scale forensic investigations for clients around the world.

Online profiles: You can find more about me on the following sites:

• Twitter (@iMHLv2 or @volatility)
• LinkedIn Profile
• Amazon Author Central

My books: I'm lead author of the following titles:

• Art of Memory Forensics (Wiley 2014)
• Malware Analyst's Cookbook (Wiley 2010)

My blogs: I'm a frequent contributor to these blogs:

• MNIN Security Blog
• The Volatility Labs Blog

My presentations: Talks I've given at Defcon or OMFW:

• Mastering TrueCrypt and Windows 8/2012 Memory Forensics
• Debuggers & Decryptor Development
• Making Fun of Your Malware
• Tracking Stuxnet's Footprint in Memory

Malware analysis:: Just a few of the more notorious ones:

• The original Zeus paper (2006)
• Decrypting Kollah/Glamour Ransomware
• 1st Conficker DGA Predictor
• Wireshark Plugin for Kraken C2 Decryption

Phishing investigations: My research goes back at least 12 years:

• Anatomy of a Phish
• Anatomy of a Phish (II)
• Anatomy of a Phish (III)
• Anatomy of a Phish (IV)