kevthehermit / volatility_plugins
Volatility Plugins
☆61 Updated last year
Alternatives and similar repositories for volatility_plugins:
Users who are interested in volatility_plugins are comparing it to the libraries listed below.
- Static based decoders for malware samples ☆93 Updated 4 years ago
- Toolset for research malware and Cobalt Strike beacons ☆211 Updated last month
- POSHSPY backdoor code ☆43 Updated 8 years ago
- Slides and reference material from Evading Autoruns presentation at DerbyCon 7 (September 2017) ☆103 Updated 4 years ago
- A repo to hold some scripts pertaining WMI (Windows implementation of WBEM) forensics ☆86 Updated 7 years ago
- Malware Sinkhole List in various formats ☆103 Updated 2 years ago
- Telsy CTI Research Team ☆57 Updated 4 years ago
- Smart DLL execution for malware analysis in sandbox systems ☆143 Updated 10 years ago
- Post Exploitation agent which uses a browser to do C2 operations. ☆102 Updated 6 years ago
- An advanced memory forensics framework ☆95 Updated 5 years ago
- Cuckoo running in a nested hypervisor ☆128 Updated 4 years ago
- A tool for de-obfuscating PowerShell scripts ☆68 Updated 6 years ago
- A collection of PowerShell Modules for BloodHound/Empire Orchestration ☆106 Updated 7 years ago
- Simulating Adversary Operations ☆93 Updated 7 years ago
- ☆53 Updated 6 years ago
- Historical list of {Cobalt Strike,NanoHTTPD} servers ☆121 Updated 5 years ago
- VBS Reversed TCP Meterpreter Stager ☆87 Updated 7 years ago
- Process HTTP Pcaps With YARA ☆102 Updated 11 years ago
- Simple web shell scanner written in Golang. ☆89 Updated 6 years ago
- Community-based integrated malware identification system ☆82 Updated 2 years ago
- Windows link file (shortcuts) examiner ☆68 Updated 10 months ago
- A "tiny" meterpreter stager ☆128 Updated 5 years ago
- Dynamic PowerShell Analysis Framework Based Upon PowerShell Debugging Functionality ☆83 Updated 2 years ago
- A command line tool for creating malicious outlook rules ☆162 Updated 6 years ago
- Uses Invoke-Shellcode to execute a payload and persist on the system. ☆113 Updated 8 years ago
- Created by Jeffrey Martin via the GitHub Connector ☆49 Updated 2 months ago
- Autoruns plugin for the Volatility framework ☆121 Updated 5 years ago
- Hollowfind is a Volatility plugin to detect different types of process hollowing techniques used in the wild to bypass, confuse, deflect … ☆137 Updated 2 years ago
- Carve NTFS USN records from binary data ☆25 Updated 7 years ago
- A little tool for detecting suspicious privileged NTLM connections, in particular Pass-The-Hash attack, based on event viewer logs. ☆170 Updated 2 months ago