JPCERTCC / Windows-Symbol-TablesLinks
Windows symbol tables for Volatility 3
☆88Updated last year
Alternatives and similar repositories for Windows-Symbol-Tables
Users that are interested in Windows-Symbol-Tables are comparing it to the libraries listed below
Sorting:
- RegRipper4.0☆58Updated 3 months ago
- Elastic Security Labs releases☆78Updated last month
- Volatility, on Docker 🐳☆34Updated 3 months ago
- Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR☆245Updated 4 months ago
- A small util to brute-force prefetch hashes☆78Updated 3 years ago
- JPCERT/CC public YARA rules repository☆110Updated 7 months ago
- YARA rule analyzer to improve rule quality and performance☆102Updated 3 months ago
- Volatility3 plugins developed and maintained by the community☆58Updated 2 years ago
- Volatility Symbol Generator for Linux Kernels☆35Updated last year
- Cobalt Strike Beacon configuration extractor and parser.☆154Updated 3 years ago
- A collection of tools and detections for the Sliver C2 Frameworj☆128Updated 2 years ago
- Dump quarantined files from Windows Defender☆64Updated 3 years ago
- Yara Rules for Modern Malware☆78Updated last year
- Open Dataset of Cobalt Strike Beacon metadata (2018-2022)☆125Updated 3 years ago
- Linux Evidence Acquisition Framework☆119Updated 10 months ago
- A C# based tool for analysing malicious OneNote documents☆114Updated 2 years ago
- yara detection rules for hunting with the threathunting-keywords project☆126Updated 2 months ago
- 100 Days of YARA to be updated with rules & ideas as the year progresses☆60Updated 2 years ago
- A guide on how to write fast and memory friendly YARA rules☆149Updated 5 months ago
- Python library for dissecting and parsing Cobalt Strike related data such as Beacon payloads and Malleable C2 Profiles☆173Updated last month
- Configuration Extractors for Malware☆110Updated 3 months ago
- Volatility plugin to retrieve the Full Volume Encryption Key in memory. The FVEK can then be used with the help of Dislocker to mount the…☆51Updated 5 years ago
- Parses amcache.hve files, but with a twist!☆140Updated 6 months ago
- A ProcessMonitor visualization application written in rust.☆181Updated 2 years ago
- Signature-based detection of malware features based on Windows API call sequences. It's like YARA for sandbox API traces!☆83Updated 2 years ago
- LILO based Pulse Secure appliance disk image decryptor☆13Updated last year
- Rules Shared by the Community from 100 Days of YARA 2023☆78Updated 2 years ago
- The Dissect module tying all other Dissect modules together. It provides a programming API and command line tools which allow easy access…☆71Updated this week
- LOLESXi is a curated compilation of binaries/scripts available in VMware ESXi that are were used to by adversaries in their intrusions. T…☆129Updated 6 months ago
- ☆141Updated last week