
Security Literature

Hacker Challenge Report (pdf)
ANI 0-day Analysis (pdf)
Firepass Security Advisory (pdf)
eDir Remote Code Exec (pdf)
ZERT & MS VML Patch (pdf)
Python To Extract Malware (pdf)
Torpig VMM/IDT Signatures (pdf)
Vmware Shellcode Injection (pdf)
Unpacking FSG (pdf)
Hacking the Packer (pdf)
Life and Times of Ddabx (pdf)
W0rd 0-day Dissassembly
Cryptography of SSH2
Upload Scripts & Toolkits
Red-Headed Browsers & WMF
Classic Trimode Exploit
ISC Malware Quiz 5 (pdf)
Access Log Analytics 2006
Assorted Incidentals 2005
Scan of the Month 34
MS JVMs ByteVerify Trojan
Awstats Linux Rootkit
Tri-Mode Browser Exploits
Namibian TIBS Infection
Bestfriends and Sdbot Rootkit
Gwee Exploits Webmail
XSS, Triple-encoded Exploit
telnet:// used in IE Exploit
Investigating CHM Exploits
Investigating Netwin Malware
Short Security Discussions
Short Proof of Concepts
Attack Signatures and Analysis
First Trojan Tracking Journey


This is the homepage of Michael Ligh. I am a reverse engineer who specializes in vulnerability research, malware cryptography, and memory forensics. I'm co-founder and CTO of Volexity, a security firm based out of the Washington, D.C. area that specializes in assisting organizations with threat intelligence, incident response, forensics, and trusted security advisory. I'm also a core developer of The Volatility Framework, instructor of Windows Malware and Memory Forensics Training, and Secretary/Treasurer of The Volatility Foundation.

In the past, I've served as a Senior Security Intelligence Engineer at iDEFENSE and Director of Malware Research at Terremark. I've also served as Chief of Special Projects at MNIN Security, where I developed password recovery utilities for Microsoft and conducted large-scale forensic investigations for clients around the world.

Online profiles: You can find more about me on the following sites:

My books: I'm lead author of the following titles:

My blogs: I'm a frequent contributor to these blogs:

My presentations: Talks I've given at Defcon or OMFW:

Malware analysis: Just a few of the more notorious ones:

Phishing investigations: My research goes back at least 12 years:

Art of Memory Forensics

Malware Analyst's Cookbook

Site design and layout with umm...a bash shell. Graphic by Aaron Bieber.
Unless otherwise noted, this work is licensed with Creative Commons Attribution License.