monnappa22 / Psinfo
Psinfo is a Volatility plugin which collects process-related information from the VAD (Virtual Address Descriptor) and PEB (Process Environment Block) and displays the collected information and suspicious memory regions for all the processes running on the system. This plugin should allow a security analyst to get the process related informa…
☆36Updated 8 years ago
Alternatives and similar repositories for Psinfo:
Users that are interested in Psinfo are comparing it to the libraries listed below
- Userland API monitor for threat hunting☆57Updated 5 years ago
- Binary commandline executable to parse ETL files☆67Updated 6 years ago
- mod to myaut2exe decompiler☆13Updated 7 years ago
- TA505 unpacker Python 2.7☆47Updated 4 years ago
- Hollowfind is a Volatility plugin to detect different types of process hollowing techniques used in the wild to bypass, confuse, deflect …☆132Updated 2 years ago
- Evil Reflective DLL Injection Finder☆47Updated 6 years ago
- Parses the WMI object database....looking for persistence☆31Updated 5 years ago
- Generate YARA rules for OOXML documents.☆38Updated last year
- Yet another registry parser☆131Updated 2 years ago
- Extract BITS jobs from QMGR queue and store them as CSV records☆75Updated 3 weeks ago
- Telsy CTI Research Team☆57Updated 4 years ago
- Parse Windows Prefetch files: Supports XP - Windows 10 Prefetch files☆115Updated 9 months ago
- Transfer EIP control to shellcode during malware analysis investigation☆75Updated 10 years ago
- Shows command lines used by latest instances analyzed on Hybrid-Analysis☆43Updated 6 years ago
- Script for parsing Symantec Endpoint Protection logs, VBNs, and ccSubSDK database.☆64Updated 2 years ago
- This tool is the result of a reverse engineering process of the Windows service called SysMain. Time to interact with the prefetch files …☆31Updated 4 years ago
- Generate a Yara rule to find base64-encoded files containing a specific keyword☆40Updated 6 years ago
- Capa analysis importer for Ghidra.☆61Updated 4 years ago
- Steezy - Ghetto Yara Generation☆15Updated last year
- Pure Python parser for Application Compatibility Shim Databases (.sdb files)☆108Updated 4 years ago
- Detect possible sysmon logging bypasses given a specific configuration☆107Updated 6 years ago
- ConventionEngine - A Yara Rulepack for PDB Path Hunting☆38Updated last year
- Volatility plugins created by the author☆44Updated 9 years ago
- Trace ScriptBlock execution for powershell v2☆40Updated 5 years ago
- Extract compressed memory pages from page-aligned data☆42Updated 6 years ago
- PowerGRR is an API client library in PowerShell working on Windows, Linux and macOS for GRR automation and scripting.☆56Updated 2 years ago
- An advanced memory forensics framework☆94Updated 5 years ago
- MWDB exercises☆19Updated last month
- EVTXtract recovers and reconstructs fragments of EVTX log files from raw binary data, including unallocated space and memory images.☆192Updated 4 years ago
- A repository that maps API calls to Sysmon Event ID's.☆117Updated 2 years ago