breppo / Volatility-BitLocker

Related projects ⓘ

Alternatives and complementary repositories for Volatility-BitLocker

• JPCERTCC / Windows-Symbol-Tables
  Windows symbol tables for Volatility 3
  ☆73Updated 4 months ago
• memoryforensics1 / VolExp
  volatility explorer
  ☆90Updated 4 years ago
• p0dalirius / volatility3-symbols
  Memory mapping profiles for forensic analysis using volatility 3
  ☆24Updated 2 years ago
• kevthehermit / volatility_symbols
  Volatility Symbol Generator for Linux Kernels
  ☆31Updated last year
• harelsegev / prefetch-hash-cracker
  A small util to brute-force prefetch hashes
  ☆73Updated 2 years ago
• tribalchicken / volatility-bitlocker
  Volatility plugin to extract BitLocker Full Volume Encryption Keys (FVEK)
  ☆62Updated 3 years ago
• ufrisk / MemProcFS-plugins
  ☆55Updated last month
• Velocidex / Linpmem
  Linpmem is a linux memory acquisition tool
  ☆74Updated 6 months ago
• Banaanhangwagen / WINHELLO2hashcat
  ☆68Updated 2 years ago
• embee-research / Yara-detection-rules
  Yara Rules for Modern Malware
  ☆67Updated 8 months ago
• Immersive-Labs-Sec / SliverC2-Forensics
  A collection of tools and detections for the Sliver C2 Frameworj
  ☆109Updated last year
• airbus-cert / vbSparkle
  VBScript & VBA source-to-source deobfuscator with partial-evaluation
  ☆73Updated 3 months ago
• volatilityfoundation / community3
  Volatility3 plugins developed and maintained by the community
  ☆45Updated last year
• DidierStevens / AdHoc
  AdHoc solutions
  ☆48Updated last year
• magicsword-io / bootloaders
  bootloaders.io is a curated list of known malicious bootloaders for various operating systems. The project aims to assist security profes…
  ☆48Updated last year
• evild3ad / Collect-MemoryDump
  Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR
  ☆220Updated 8 months ago
• airbus-cert / minusone
  Powershell Linter
  ☆46Updated last month
• edygert / runsc
  runsc loads 32/64 bit shellcode (depending on how runsc is compiled) in a way that makes it easy to load in a debugger. This code is base…
  ☆36Updated last year
• Wh04m1001 / CVE-2023-20178
  ☆91Updated last year
• almandin / ntdsdotsqlite
  A small utility to translate NTDS.dit files to SQLite format.
  ☆62Updated last year
• janstarke / ntdsextract2
  This aims to be a collection of tools to forensically analyze Active Directory databases
  ☆20Updated 2 weeks ago
• JPCERTCC / Lazarus-research
  Lazarus analysis tools and research report
  ☆55Updated 11 months ago
• mgeeky / msidump
  MSI Dump - a tool that analyzes malicious MSI installation packages, extracts files, streams, binary data and incorporates YARA scanner.
  ☆194Updated last year
• DidierStevens / FalsePositives
  Tools that trigger False Positive AV alerts
  ☆43Updated last year
• fox-it / dissect.cobaltstrike
  Python library for dissecting and parsing Cobalt Strike related data such as Beacon payloads and Malleable C2 Profiles
  ☆147Updated last month
• boku7 / winx64-InjectAllProcessesMeterpreter-Shellcode
  64bit Windows 10 shellcode that injects all processes with Meterpreter reverse shells.
  ☆127Updated last year
• mandiant / SSSDKCMExtractor
  ☆53Updated last year
• jschicht / SetMace
  Manipulate timestamps on NTFS
  ☆49Updated 10 years ago
• bitsadmin / chophound
  Some scripts to support with importing large datasets into BloodHound
  ☆78Updated 11 months ago
• REW-sploit / REW-sploit
  Emulate and Dissect MSF and *other* attacks
  ☆139Updated 8 months ago