Velocidex / WinPmem
The multi-platform memory acquisition tool.
☆797, updated 6 months ago
Alternatives and similar repositories for WinPmem
Users that are interested in WinPmem are comparing it to the libraries listed below
- Living Off The Land Drivers (☆1,180, updated 3 weeks ago)
- MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR (☆629, updated 2 months ago)
- Standard collection of rules for capa: the tool for enumerating the capabilities of programs (☆587, updated last week)
- RegRipper3.0 (☆612, updated 5 months ago)
- Dynamic unpacker based on PE-sieve (☆732, updated last week)
- Extract and Deobfuscate XLM macros (a.k.a. Excel 4.0 Macros) (☆581, updated last year)
- DRAKVUF Sandbox - automated hypervisor-level malware analysis system (☆1,139, updated last week)
- Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs (☆750, updated last year)
- Windows kernel and user mode emulation. (☆1,663, updated 2 months ago)
- MBC content in markdown (☆452, updated 2 months ago)
- A wireshark plugin to instrument ETW (☆559, updated 3 years ago)
- ReversingLabs YARA Rules (☆819, updated last month)
- Open Source EDR for Windows (☆1,250, updated 2 years ago)
- Noriben - Portable, Simple, Malware Analysis Sandbox (☆1,156, updated last month)
- Sophos-originated indicators-of-compromise from published reports (☆594, updated last week)
- Event Tracing For Windows (ETW) Resources (☆387, updated 8 months ago)
- A tool to kill antimalware protected processes (☆1,451, updated 3 years ago)
- Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks,… (☆2,168, updated last week)
- AV/EDR evasion via direct system calls. (☆1,884, updated 2 years ago)
- Collection of private Yara rules. (☆354, updated last month)
- RDP Bitmap Cache parser (☆537, updated 4 months ago)
- LSASS memory dumper using direct system calls and API unhooking. (☆1,533, updated 4 years ago)
- PE-bear (builds only) (☆779, updated 2 years ago)
- An Active Defense and EDR software to empower Blue Teams (☆1,277, updated last year)
- Project for tracking publicly disclosed DLL Hijacking opportunities. (☆761, updated last week)