monnappa22 / Psinfo
Psinfo is a Volatility plugin which collects the process related information from the VAD (Virtual Address Descriptor) and PEB (Process Environment Block) and displays the collected information and suspicious memory regions for all the processes running on the system. This plugin should allow a security analyst to get the process related informa…
☆36 · Updated 8 years ago
Related projects
Alternatives and complementary repositories for Psinfo
- Binary command-line executable to parse ETL files ☆67 · Updated 6 years ago
- Parses the WMI object database, looking for persistence ☆31 · Updated 4 years ago
- TA505 unpacker (Python 2.7) ☆46 · Updated 4 years ago
- Extract compressed memory pages from page-aligned data ☆41 · Updated 6 years ago
- Extract BITS jobs from the QMGR queue and store them as CSV records ☆74 · Updated 4 months ago
- Parse Windows Prefetch files: supports XP through Windows 10 Prefetch files ☆115 · Updated 5 months ago
- Trace ScriptBlock execution for PowerShell v2 ☆39 · Updated 4 years ago
- Tool to decompress data from Windows 10 page files and memory dumps that has been compressed by the Windows 10 memory manager ☆48 · Updated 5 years ago
- Hollowfind is a Volatility plugin to detect different types of process hollowing techniques used in the wild to bypass, confuse, deflect … ☆131 · Updated 2 years ago
- A repo to hold some scripts pertaining to WMI (Windows implementation of WBEM) forensics ☆85 · Updated 7 years ago
- Extract common Windows artifacts from source images and VSCs ☆65 · Updated 3 years ago
- PowerGRR is an API client library in PowerShell, working on Windows, Linux and macOS, for GRR automation and scripting ☆56 · Updated 2 years ago
- Generate YARA rules for OOXML documents ☆37 · Updated last year
- Shows command lines used by the latest instances analyzed on Hybrid-Analysis ☆43 · Updated 6 years ago
- Steezy - Ghetto Yara Generation ☆15 · Updated last year
- Lazy Office Analyzer ☆119 · Updated 7 years ago
- Generate a Yara rule to find base64-encoded files containing a specific keyword ☆40 · Updated 6 years ago
- Handy scripts to speed up malware analysis ☆35 · Updated last year
- Merge all Yara rules from the official Yara GitHub repository into one .yar file ☆28 · Updated 6 years ago
- Telsy CTI Research Team ☆57 · Updated 3 years ago
- Userland API monitor for threat hunting ☆55 · Updated 4 years ago
- This tool is the result of a reverse engineering process of the Windows service called SysMain. Time to interact with the prefetch files … ☆30 · Updated 4 years ago
- Stand-alone parser for User Access Logging from Server 2012 and newer systems ☆71 · Updated 10 months ago
- Evil Reflective DLL Injection Finder ☆45 · Updated 6 years ago
- ConventionEngine - A Yara Rulepack for PDB Path Hunting ☆37 · Updated last year
- A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db ☆39 · Updated 2 years ago
- Pure Python parser for Application Compatibility Shim Databases (.sdb files) ☆106 · Updated 3 years ago
- Carve NTFS USN records from binary data ☆24 · Updated 7 years ago