monnappa22 / Psinfo
Psinfo is a Volatility plugin which collects the process-related information from the VAD (Virtual Address Descriptor) and PEB (Process Environment Block) and displays the collected information and suspicious memory regions for all the processes running on the system. This plugin should allow a security analyst to get the process related informa…
☆36 · Updated 8 years ago
Alternatives and similar repositories for Psinfo
Users that are interested in Psinfo are comparing it to the libraries listed below
- Parses the WMI object database, looking for persistence ☆32 · Updated 5 years ago
- Binary command-line executable to parse ETL files ☆67 · Updated 7 years ago
- Extract common Windows artifacts from source images and VSCs ☆65 · Updated 4 years ago
- Extract BITS jobs from QMGR queue and store them as CSV records ☆75 · Updated 4 months ago
- Evil Reflective DLL Injection Finder ☆47 · Updated 6 years ago
- Carve files for MFT entries (e.g. blkls output or memory dumps). Recovers filenames (long & short), timestamps ($STD & $FN) and data if re… ☆21 · Updated 6 years ago
- Shows command lines used by latest instances analyzed on Hybrid-Analysis ☆43 · Updated 6 years ago
- TA505 unpacker, Python 2.7 ☆47 · Updated 5 years ago
- Extract compressed memory pages from page-aligned data ☆45 · Updated 6 years ago
- Generate a Yara rule to find base64-encoded files containing a specific keyword ☆40 · Updated 6 years ago
- Userland API monitor for threat hunting ☆58 · Updated 5 years ago
- Tools and Binaries to use with KAPE ☆12 · Updated 5 years ago
- Transfer EIP control to shellcode during malware analysis investigation ☆75 · Updated 10 years ago
- Yet another registry parser ☆132 · Updated 3 years ago
- Windows link file (shortcuts) examiner ☆68 · Updated last year
- Cuckoo running in a nested hypervisor ☆128 · Updated 5 years ago
- A repository that maps API calls to Sysmon Event IDs. ☆122 · Updated 2 years ago
- Generate YARA rules for OOXML documents. ☆38 · Updated 2 years ago
- A repo to hold some scripts pertaining to WMI (Windows implementation of WBEM) forensics ☆86 · Updated 7 years ago
- NTFS parser, plus linking capabilities between MFT, LogFile and UsnJrnl ☆37 · Updated 8 years ago
- Hollowfind is a Volatility plugin to detect different types of process hollowing techniques used in the wild to bypass, confuse, deflect … ☆137 · Updated 2 years ago
- ConventionEngine - A Yara Rulepack for PDB Path Hunting ☆38 · Updated 2 years ago
- Parses IE's Automatic Crash Recovery Files ☆16 · Updated 8 years ago
- Parse Windows Prefetch files: Supports XP - Windows 10 Prefetch files ☆118 · Updated last year
- Steezy - Ghetto Yara Generation ☆15 · Updated 2 years ago
- Lazy Office Analyzer ☆122 · Updated 8 years ago
- Pure Python parser for Application Compatibility Shim Databases (.sdb files) ☆108 · Updated 4 years ago
- Hopefully a source-to-source deobfuscator, aiming at deobfuscating common script languages such as PowerShell, VBA and JavaScript. Curre… ☆40 · Updated 5 years ago
- Mod to myaut2exe decompiler ☆14 · Updated 7 years ago
- Detect possible Sysmon logging bypasses given a specific configuration ☆111 · Updated 6 years ago