JPCERTCC / Windows-Symbol-Tables
Windows symbol tables for Volatility 3
☆72Updated 2 months ago
Related projects: ⓘ
- Use YARA rules on Time Travel Debugging traces☆86Updated last year
- Signature-based detection of malware features based on Windows API call sequences. It's like YARA for sandbox API traces!☆80Updated last year
- Collection of Volatility2 profiles, generated against Linux kernels.☆25Updated last week
- volatility explorer☆90Updated 3 years ago
- Elastic Security Labs releases☆46Updated 3 weeks ago
- 100 Days of YARA to be updated with rules & ideas as the year progresses☆57Updated last year
- YARA rule analyzer to improve rule quality and performance☆93Updated 9 months ago
- Volatility Symbol Generator for Linux Kernels☆28Updated 10 months ago
- A small util to brute-force prefetch hashes☆73Updated 2 years ago
- A guide on how to write fast and memory friendly YARA rules☆123Updated last year
- Python library for dissecting and parsing Cobalt Strike related data such as Beacon payloads and Malleable C2 Profiles☆145Updated 8 months ago
- JPCERT/CC public YARA rules repository☆98Updated 3 months ago
- Cobalt Strike Beacon configuration extractor and parser.☆142Updated 3 years ago
- Yara Rules for Modern Malware☆68Updated 6 months ago
- ☆75Updated 3 weeks ago
- The Linux DFIR Collector is a stand-alone collection tool for Gnu / Linux. Dump artifacts in json format with very few impacts on the hos…☆29Updated 2 years ago
- Modular malware analysis artifact collection and correlation framework☆49Updated 4 months ago
- Finding secrets in kernel and user memory☆112Updated last year
- PowerShell Script Analyzer☆64Updated 10 months ago
- RegRipper4.0☆33Updated last year
- Alternative YARA scanning engine☆66Updated 2 years ago
- ☆214Updated 4 months ago
- A collection of tools and detections for the Sliver C2 Frameworj☆104Updated last year
- Rules Shared by the Community from 100 Days of YARA 2023☆76Updated last year
- Volatility plugin to retrieve the Full Volume Encryption Key in memory. The FVEK can then be used with the help of Dislocker to mount the…☆33Updated 4 years ago
- Collection of Volatility3 symbols, generated against Linux and macOS kernels.☆53Updated this week
- Volatility3 plugins developed and maintained by the community☆41Updated last year
- A specification and style guide for YARA rules☆34Updated 7 months ago
- VBScript & VBA source-to-source deobfuscator with partial-evaluation☆72Updated last month
- Repository of Yara Rules☆83Updated last week