mandiant / win10_rekall
Rekall Memory Forensic Framework
☆29Updated 5 years ago
Related projects ⓘ
Alternatives and complementary repositories for win10_rekall
- ☆24Updated 5 years ago
- An IDA plugin to deal with Event Tracing for Windows (ETW)☆50Updated 2 years ago
- This is a simple tool to dump all the reparse points on an NTFS volume.☆31Updated 4 years ago
- Extract data of TTD trace file to a minidump☆28Updated last year
- ☆31Updated 4 years ago
- ☆21Updated 3 years ago
- ☆26Updated 3 weeks ago
- ☆28Updated 4 years ago
- Exploits pack for the Windows Kernel mode driver HackSysExtremeVulnerableDriver written for educational purposes.☆63Updated 3 years ago
- ☆24Updated 3 years ago
- Code snippets for Qiling Tutorials☆20Updated 4 years ago
- A collection of shellcode hashes☆17Updated 6 years ago
- ☆20Updated 4 years ago
- Helper Script to convert a Windbg dumped structure (using the 'dt' command) into a C structure. It creates dummy structs for you if neede…☆26Updated last year
- A simple tool to view important DLL Characteristics and change DEP and ASLR☆45Updated 6 years ago
- Example for PagedOut!☆24Updated 5 years ago
- Crystal Anti-Exploit Protection 2012☆35Updated 4 years ago
- A small library helping to parse commandline parameters (for C/C++)☆53Updated last year
- ☆24Updated last year
- Converts exported results of CAPA tool from .json format to another formats supporting by different tools.☆22Updated 2 years ago
- Python 3 - Manipulation and conversation with different data type (Bytes operations)☆27Updated 2 years ago
- A Practical example of ELAM (Early Launch Anti-Malware)☆31Updated 3 years ago
- Dumps information about all the callback objects found in a dump file and the functions registered for them☆34Updated 4 years ago
- Parser for a custom executable format from Hidden Bee malware (first stage)☆39Updated 2 months ago
- Yet another Windows DLL injector.☆38Updated 3 years ago
- ☆10Updated 2 years ago