kevthehermit / volatility_plugins
Volatility Plugins
☆61Updated last year
Alternatives and similar repositories for volatility_plugins:
Users that are interested in volatility_plugins are comparing it to the libraries listed below
- Static based decoders for malware samples☆92Updated 4 years ago
- A repo to hold some scripts pertaining WMI (Windows implementation of WBEM) forensics☆85Updated 7 years ago
- Toolset for research malware and Cobalt Strike beacons☆209Updated 2 weeks ago
- Process HTTP Pcaps With YARA☆102Updated 11 years ago
- Smart DLL execution for malware analysis in sandbox systems☆143Updated 10 years ago
- Royal APT - APT15 - Related Information from NCC Group Cyber Defense Operations Research☆53Updated 7 years ago
- Telsy CTI Research Team☆57Updated 4 years ago
- Parse evtx files and detect use of the DanderSpritz eventlogedit module☆148Updated 7 years ago
- POSHSPY backdoor code☆43Updated 7 years ago
- Windows link file (shortcuts) examiner☆68Updated 9 months ago
- PE Import Hash Generator☆76Updated 7 years ago
- Malware Sinkhole List in various formats☆103Updated 2 years ago
- A python script used to parse the SAM registry hive.☆72Updated 7 years ago
- An advanced memory forensics framework☆94Updated 5 years ago
- ☆53Updated 6 years ago
- Collection of YARA signatures from individual research☆44Updated last year
- Decodes PlugX traffic and encrypted/compressed artifacts☆38Updated 11 years ago
- Shows command lines used by latest instances analyzed on Hybrid-Analysis☆43Updated 6 years ago
- Dynamic PowerShell Analysis Framework Based Upon PowerShell Debugging Functionality☆83Updated 2 years ago
- Parse Windows Prefetch files: Supports XP - Windows 10 Prefetch files☆115Updated 10 months ago
- Cuckoo running in a nested hypervisor☆128Updated 4 years ago
- Community-based integrated malware identification system☆82Updated 2 years ago
- Volatility memory forensics plugin for extracting Windows DNS Cache☆29Updated 8 years ago
- volatility explorer☆91Updated 4 years ago
- ☆39Updated 2 years ago
- A tool for detecting VBA stomping.☆99Updated 2 years ago
- An Incident Response tool that visualizes historic process execution evidence (based on Event ID 4688 - Process Creation Event) in a tree…☆60Updated 7 years ago
- ☆82Updated 8 years ago
- Historical list of {Cobalt Strike,NanoHTTPD} servers☆121Updated 5 years ago
- Autoruns plugin for the Volatility framework☆121Updated 5 years ago