monnappa22 / Psinfo
Psinfo is a Volatility plugin which collects process-related information from the VAD (Virtual Address Descriptor) and PEB (Process Environment Block) and displays the collected information and suspicious memory regions for all the processes running on the system. This plugin should allow a security analyst to get the process related informa…
☆36 · Updated 8 years ago
Alternatives and similar repositories for Psinfo
Users that are interested in Psinfo are comparing it to the libraries listed below
- Extract common Windows artifacts from source images and VSCs (☆65, updated 4 years ago)
- Binary command-line executable to parse ETL files (☆67, updated 6 years ago)
- Extract compressed memory pages from page-aligned data (☆45, updated 6 years ago)
- Shows command lines used by latest instances analyzed on Hybrid-Analysis (☆43, updated 6 years ago)
- mod to myaut2exe decompiler (☆14, updated 7 years ago)
- Extract BITS jobs from QMGR queue and store them as CSV records (☆75, updated 3 months ago)
- Parses the WMI object database, looking for persistence (☆31, updated 5 years ago)
- TA505 unpacker, Python 2.7 (☆47, updated 4 years ago)
- Steezy - Ghetto Yara Generation (☆15, updated 2 years ago)
- Tools and Binaries to use with KAPE (☆12, updated 5 years ago)
- Documentation and parsers for different anti-virus quarantine formats (☆42, updated 4 years ago)
- Transfer EIP control to shellcode during malware analysis investigation (☆75, updated 10 years ago)
- Userland API monitor for threat hunting (☆58, updated 5 years ago)
- This tool is the result of a reverse engineering process of the Windows service called SysMain. Time to interact with the prefetch files … (☆31, updated 4 years ago)
- PE Import Hash Generator (☆80, updated 7 years ago)
- Evil Reflective DLL Injection Finder (☆47, updated 6 years ago)
- Generate a Yara rule to find base64-encoded files containing a specific keyword (☆40, updated 6 years ago)
- ConventionEngine - A Yara Rulepack for PDB Path Hunting (☆38, updated 2 years ago)
- Tool to decompress data from Windows 10 page files and memory dumps that has been compressed by the Windows 10 memory manager (☆50, updated 6 years ago)
- Generate YARA rules for OOXML documents (☆38, updated 2 years ago)
- Yet another registry parser (☆132, updated 3 years ago)
- Ursnif beacon decryptor (☆27, updated 2 years ago)
- Parse Windows Prefetch files: supports XP - Windows 10 Prefetch files (☆118, updated last year)
- Capa analysis importer for Ghidra (☆61, updated 4 years ago)
- Carve files for MFT entries (e.g. blkls output or memory dumps). Recovers filenames (long & short), timestamps ($STD & $FN) and data if re… (☆21, updated 6 years ago)
- Volatility plugins created by the author (☆44, updated 9 years ago)
- PowerGRR is an API client library in PowerShell working on Windows, Linux and macOS for GRR automation and scripting (☆56, updated 3 years ago)
- Various capabilities for static malware analysis (☆78, updated 9 months ago)
- Windows registry samples (☆23, updated 6 years ago)
- RegRipper wrapper for simplified bulk parsing of registry hives (☆9, updated 6 years ago)