monnappa22 / Psinfo
Psinfo is a Volatility plugin which collects the process-related information from the VAD (Virtual Address Descriptor) and PEB (Process Environment Block) and displays the collected information and suspicious memory regions for all the processes running on the system. This plugin should allow a security analyst to get the process related informa…
☆36Updated 8 years ago
Alternatives and similar repositories for Psinfo:
Users that are interested in Psinfo are comparing it to the libraries listed below
- Binary commandline executable to parse ETL files☆67Updated 6 years ago
- Parses the WMI object database....looking for persistence☆31Updated 5 years ago
- Userland API monitor for threat hunting☆57Updated 4 years ago
- Extract BITS jobs from QMGR queue and store them as CSV records☆75Updated last week
- Steezy - Ghetto Yara Generation☆15Updated last year
- TA505 unpacker Python 2.7☆47Updated 4 years ago
- Extract common Windows artifacts from source images and VSCs☆65Updated 3 years ago
- Extract compressed memory pages from page-aligned data☆42Updated 6 years ago
- Shows command lines used by latest instances analyzed on Hybrid-Analysis☆43Updated 6 years ago
- Carve files for MFT entries (eg. blkls output or memory dumps). Recovers filenames (long & short), timestamps ($STD & $FN) and data if re…☆21Updated 5 years ago
- Random hunting oriented yara rules☆95Updated last year
- ConventionEngine - A Yara Rulepack for PDB Path Hunting☆38Updated last year
- Evil Reflective DLL Injection Finder☆46Updated 6 years ago
- Yet another registry parser☆130Updated 2 years ago
- Automating forensic data extraction, reduction, and overall triage of cold disk and memory images.☆21Updated 5 years ago
- mod to myaut2exe decompiler☆14Updated 7 years ago
- Generate a Yara rule to find base64-encoded files containing a specific keyword☆40Updated 6 years ago
- A repo to hold some scripts pertaining WMI (Windows implementation of WBEM) forensics☆85Updated 7 years ago
- Script for parsing Symantec Endpoint Protection logs, VBNs, and ccSubSDK database.☆64Updated 2 years ago
- Manipulate timestamps on NTFS☆50Updated 10 years ago
- Miscellaneous Scripts☆17Updated 4 years ago
- Force-Directed Graph Generator for Volatility Outputs☆26Updated 5 years ago
- Transfer EIP control to shellcode during malware analysis investigation☆74Updated 10 years ago
- PE Import Hash Generator☆75Updated 7 years ago
- Parse Windows Prefetch files: Supports XP - Windows 10 Prefetch files☆115Updated 8 months ago
- Trace ScriptBlock execution for powershell v2☆40Updated 5 years ago
- Parses IE's Automatic Crash Recovery Files☆16Updated 8 years ago
- RegRipper wrapper for simplified bulk parsing of registry hives☆9Updated 6 years ago
- Telsy CTI Research Team☆57Updated 4 years ago