Velocidex / WinPmem
The multi-platform memory acquisition tool.
☆802 · Updated last week
Alternatives and similar repositories for WinPmem
- MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR (☆635 · Updated this week)
- Living Off The Land Drivers (☆1,206 · Updated last month)
- RegRipper3.0 (☆615 · Updated 6 months ago)
- Standard collection of rules for capa: the tool for enumerating the capabilities of programs (☆600 · Updated last week)
- Extract and Deobfuscate XLM macros (a.k.a. Excel 4.0 Macros) (☆581 · Updated last year)
- (no description) (☆1,668 · Updated 9 months ago)
- RDP Bitmap Cache parser (☆539 · Updated 5 months ago)
- (no description) (☆2,109 · Updated 2 years ago)
- Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs (☆755 · Updated last year)
- DRAKVUF Sandbox - automated hypervisor-level malware analysis system (☆1,151 · Updated this week)
- Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks,… (☆2,181 · Updated last month)
- Dynamic unpacker based on PE-sieve (☆736 · Updated last month)
- Open Source EDR for Windows (☆1,252 · Updated 2 years ago)
- (no description) (☆772 · Updated 2 years ago)
- A tool to kill antimalware protected processes (☆1,452 · Updated 4 years ago)
- Event Tracing For Windows (ETW) Resources (☆389 · Updated 8 months ago)
- AV/EDR evasion via direct system calls. (☆1,891 · Updated 2 years ago)
- ReversingLabs YARA Rules (☆823 · Updated 2 weeks ago)
- An Active Defense and EDR software to empower Blue Teams (☆1,276 · Updated last year)
- Elastic Security detection content for Endpoint (☆1,226 · Updated last week)
- Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the in… (☆1,144 · Updated last year)
- The goal of this repo is to archive artifacts from all versions of various OS's and categorizing them by type. This will help with artifa… (☆599 · Updated 3 months ago)
- Parses $MFT from NTFS file systems (☆248 · Updated last month)
- Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-mem… (☆3,351 · Updated last month)
- APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the … (☆1,345 · Updated 7 months ago)
- (no description) (☆1,070 · Updated last year)
- LSASS memory dumper using direct system calls and API unhooking. (☆1,536 · Updated 4 years ago)
- Sophos-originated indicators-of-compromise from published reports (☆600 · Updated 3 weeks ago)
- (no description) (☆494 · Updated last year)
- (no description) (☆519 · Updated 3 weeks ago)