monnappa22 / Psinfo
Psinfo is a Volatility plugin which collects process-related information from the VAD (Virtual Address Descriptor) tree and the PEB (Process Environment Block) and displays the collected information, together with suspicious memory regions, for all processes running on the system. This plugin should allow a security analyst to get the process related informa…
☆39 Updated 9 years ago
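The description above says the plugin correlates what the VAD tree and the PEB report about a process. As an added example (not code from Psinfo or from Volatility), the block below runs that kind of VAD/PEB cross-check on a constructed in-memory model of two processes rather than on a real memory image: the `Vad`, `Peb`, `Process` and `Finding` classes, the field names, the sample addresses and paths, and the heuristics themselves are my own assumptions about what such a plugin looks for, and Volatility's API is deliberately not used so the code runs offline.

```python
import ntpath
from dataclasses import dataclass
from typing import List, Optional

# Protection strings as Volatility renders a VAD's VadFlags.Protection.
EXECUTABLE = {"PAGE_EXECUTE", "PAGE_EXECUTE_READ",
              "PAGE_EXECUTE_READWRITE", "PAGE_EXECUTE_WRITECOPY"}


@dataclass
class Vad:
    """One node of a process's VAD tree (constructed model, not Volatility's object)."""
    start: int
    end: int
    protection: str
    mapped_file: Optional[str] = None  # None: private memory, nothing on disk backs it
    tag: str = "VadS"                  # short VAD, the node type used for private allocations


@dataclass
class Peb:
    """The PEB fields the cross-checks below use."""
    image_base: int        # PEB.ImageBaseAddress
    image_path: str        # PEB.ProcessParameters.ImagePathName
    command_line: str      # PEB.ProcessParameters.CommandLine


@dataclass
class Process:
    pid: int
    name: str              # EPROCESS.ImageFileName, truncated by the kernel to 15 characters
    peb: Optional[Peb]     # None when the PEB page is not available in the dump
    vads: List[Vad]


@dataclass
class Finding:
    pid: int
    start: Optional[int]
    end: Optional[int]
    reason: str


def vad_containing(proc: Process, addr: int) -> Optional[Vad]:
    return next((v for v in proc.vads if v.start <= addr <= v.end), None)


def suspicious_regions(proc: Process) -> List[Finding]:
    """Flag memory regions and PEB/VAD disagreements worth a closer look (assumed heuristics)."""
    findings: List[Finding] = []

    # VAD-only checks: injected code must live in executable memory, and legitimate
    # executable memory is almost always a mapped image, not a private allocation.
    for v in proc.vads:
        if v.protection in EXECUTABLE and v.mapped_file is None:
            findings.append(Finding(proc.pid, v.start, v.end,
                                    f"executable private memory ({v.protection}, tag {v.tag})"))
        elif v.protection == "PAGE_EXECUTE_READWRITE":
            findings.append(Finding(proc.pid, v.start, v.end,
                                    f"file-backed region mapped RWX: {v.mapped_file}"))

    # PEB checks: what the process says about itself should agree with the VAD tree.
    if proc.peb is None:
        findings.append(Finding(proc.pid, None, None,
                                "PEB unavailable: image path and command line cannot be verified"))
        return findings

    base = vad_containing(proc, proc.peb.image_base)
    peb_image = ntpath.basename(proc.peb.image_path).lower()
    if base is None:
        findings.append(Finding(proc.pid, proc.peb.image_base, None,
                                "PEB ImageBaseAddress is not covered by any VAD (image unmapped?)"))
    elif base.mapped_file is None:
        findings.append(Finding(proc.pid, base.start, base.end,
                                "PEB ImageBaseAddress points into private memory (process hollowing?)"))
    elif ntpath.basename(base.mapped_file).lower() != peb_image:
        findings.append(Finding(proc.pid, base.start, base.end,
                                f"VAD maps {base.mapped_file} at the image base, PEB says {proc.peb.image_path}"))

    # ImageFileName holds only 15 characters, so compare prefixes rather than whole names.
    if peb_image[:15] != proc.name.lower()[:15]:
        findings.append(Finding(proc.pid, None, None,
                                f"EPROCESS name {proc.name!r} disagrees with PEB ImagePathName {proc.peb.image_path!r}"))
    return findings


# Constructed sample processes (not taken from a real memory image).
BENIGN = Process(
    pid=1234, name="notepad.exe",
    peb=Peb(0x400000, r"C:\Windows\System32\notepad.exe", r'"C:\Windows\System32\notepad.exe"'),
    vads=[
        Vad(0x400000, 0x43CFFF, "PAGE_EXECUTE_WRITECOPY", r"\Windows\System32\notepad.exe", "Vad"),
        Vad(0x500000, 0x5FFFFF, "PAGE_READWRITE"),  # heap
        Vad(0x77A00000, 0x77B5FFFF, "PAGE_EXECUTE_WRITECOPY", r"\Windows\System32\ntdll.dll", "Vad"),
    ],
)

HOLLOWED = Process(
    pid=2222, name="svchost.exe",
    peb=Peb(0x400000, r"C:\Windows\System32\svchost.exe", r"C:\Windows\System32\svchost.exe -k netsvcs"),
    vads=[
        Vad(0x400000, 0x41FFFF, "PAGE_EXECUTE_READWRITE"),  # original image unmapped, replaced by RWX private memory
        Vad(0x500000, 0x5FFFFF, "PAGE_READWRITE"),
        Vad(0x77A00000, 0x77B5FFFF, "PAGE_EXECUTE_WRITECOPY", r"\Windows\System32\ntdll.dll", "Vad"),
    ],
)


def report(proc: Process) -> List[str]:
    """One printable line per finding, in the order they were produced."""
    lines = []
    for f in suspicious_regions(proc):
        where = f"0x{f.start:x}-0x{f.end:x}" if f.start is not None and f.end is not None else "n/a"
        lines.append(f"PID {f.pid} {proc.name} [{where}] {f.reason}")
    return lines


if __name__ == "__main__":
    for p in (BENIGN, HOLLOWED):
        for line in report(p) or [f"PID {p.pid} {p.name}: nothing suspicious"]:
            print(line)
```

The two checks that matter most in practice are the ones the VAD alone cannot answer: whether the address the PEB claims as the image base is actually backed by the image file, and whether the name the kernel carries for the process agrees with the path the PEB reports. A process whose image base sits in private RWX memory, as in the constructed `HOLLOWED` sample, is the classic hollowing signature.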
Alternatives and similar repositories for Psinfo
Users that are interested in Psinfo are comparing it to the libraries listed below
- Hollowfind is a Volatility plugin to detect different types of process hollowing techniques used in the wild to bypass, confuse, deflect …☆142 Updated 3 years ago
- Binary command-line executable to parse ETL files☆68 Updated 7 years ago
- Evil Reflective DLL Injection Finder☆47 Updated 7 years ago
- An advanced memory forensics framework☆96 Updated 6 years ago
- Parse Windows Prefetch files: supports XP - Windows 10 Prefetch files☆120 Updated last year
- NTFS parser, plus linking capabilities between MFT, LogFile and UsnJrnl☆38 Updated 9 years ago
- Carve files for MFT entries (e.g. blkls output or memory dumps). Recovers filenames (long & short), timestamps ($STD & $FN) and data if re…☆22 Updated 6 years ago
- Windows link file (shortcuts) examiner☆67 Updated last year
- Yet another registry parser☆137 Updated 3 years ago
- YARA rules for use with ProcFilter☆88 Updated 8 years ago
- Pure Python parser for Application Compatibility Shim Databases (.sdb files)☆109 Updated 4 years ago
- Parses the WMI object database, looking for persistence☆34 Updated 6 years ago
- hopefully a source-to-source deobfuscator, aiming at deobfuscating common scripting languages such as PowerShell, VBA and JavaScript. Curre…☆40 Updated 6 years ago
- Userland API monitor for threat hunting☆58 Updated 5 years ago
- Handy scripts to speed up malware analysis☆35 Updated 2 years ago
- ConventionEngine - A YARA rulepack for PDB path hunting☆37 Updated 2 years ago
- Lazy Office Analyzer☆122 Updated 8 years ago
- PE Import Hash Generator☆79 Updated 8 years ago
- Transfer EIP control to shellcode during malware analysis investigation☆78 Updated 11 years ago
- Tool to decompress data from Windows 10 page files and memory dumps that has been compressed by the Windows 10 memory manager.☆51 Updated 6 years ago
- A better strings utility!☆141 Updated 3 months ago
- Windows Prefetch parser. Supports all known versions from Windows XP to Windows 10.☆115 Updated 11 months ago
- Comae Hibernation File Decompressor☆154 Updated 2 years ago
- TA505 unpacker (Python 2.7)☆47 Updated 5 years ago
- Manipulate timestamps on NTFS☆52 Updated 11 years ago
- VSCode extension for the YARA pattern matching language☆63 Updated last year
- Random hunting-oriented YARA rules☆98 Updated 2 years ago
- MAEC Schemas and Schema Development☆89 Updated 5 years ago
- Extract BITS jobs from the QMGR queue and store them as CSV records☆73 Updated 10 months ago
- Extract common Windows artifacts from source images and VSCs☆63 Updated 4 years ago