monnappa22 / Psinfo
Psinfo is a Volatility plugin that collects process-related information from the VAD (Virtual Address Descriptor) tree and the PEB (Process Environment Block), then displays that information together with suspicious memory regions for every process on the system. This plugin should allow a security analyst to get the process related informa…
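The VAD/PEB cross-check the description refers to is easiest to see on concrete data. The following is an added example and is not Psinfo's or Volatility's own code: it applies two common memory-forensics heuristics (an executable region that is writable or not backed by a file on disk, and a PEB image base whose VAD does not match the image the PEB reports) to hand-constructed VAD records. The `Vad`/`Process` classes, the sample processes, and the assumption that the protection field has already been translated to Win32 `PAGE_*` values are all assumptions made for this example; Psinfo's exact rules may differ.

```python
"""Toy VAD/PEB cross-check in the spirit of Psinfo (example code, not the
plugin's source). All VAD records and process data below are constructed."""
import ntpath
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Win32 page-protection constants (values as defined in winnt.h).
PAGE_EXECUTE = 0x10
PAGE_EXECUTE_READ = 0x20
PAGE_EXECUTE_READWRITE = 0x40
PAGE_EXECUTE_WRITECOPY = 0x80
EXEC_MASK = PAGE_EXECUTE | PAGE_EXECUTE_READ | PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY


@dataclass
class Vad:
    start: int
    end: int
    protection: int            # assumed already translated to PAGE_* values
    mapped_file: Optional[str]  # None for private (anonymous) memory


@dataclass
class Process:
    pid: int
    name: str
    peb_image_base: int        # PEB.ImageBaseAddress
    peb_image_path: str        # PEB.ProcessParameters.ImagePathName
    vads: List[Vad]


def find_vad(proc: Process, addr: int) -> Optional[Vad]:
    """Return the VAD whose range covers addr, or None."""
    for v in proc.vads:
        if v.start <= addr <= v.end:
            return v
    return None


def suspicious_regions(proc: Process) -> List[Tuple[int, int, str]]:
    """Flag regions that are RWX, or executable but not backed by a file."""
    findings = []
    for v in proc.vads:
        if v.protection == PAGE_EXECUTE_READWRITE:
            findings.append((v.start, v.end, "PAGE_EXECUTE_READWRITE region"))
        elif v.protection & EXEC_MASK and v.mapped_file is None:
            findings.append((v.start, v.end, "executable private memory not backed by a file"))
    return findings


def peb_vad_mismatch(proc: Process) -> Optional[str]:
    """Compare the PEB image base with the VAD covering it. Hollowed processes
    often have no file-backed VAD there, or one backed by a different image.
    Only file names are compared because the VAD path (\\Windows\\...) and the
    PEB path (C:\\Windows\\...) use different prefixes."""
    v = find_vad(proc, proc.peb_image_base)
    if v is None:
        return "no VAD covers the PEB image base"
    if v.mapped_file is None:
        return "VAD at image base is not file-backed"
    if ntpath.basename(v.mapped_file).lower() != ntpath.basename(proc.peb_image_path).lower():
        return f"VAD maps {v.mapped_file} but PEB reports {proc.peb_image_path}"
    return None


# Constructed sample data: a normal svchost.exe and a hollowed one.
BENIGN = Process(
    pid=1234, name="svchost.exe", peb_image_base=0x400000,
    peb_image_path=r"C:\Windows\System32\svchost.exe",
    vads=[
        Vad(0x400000, 0x41FFFF, PAGE_EXECUTE_WRITECOPY, r"\Windows\System32\svchost.exe"),
        Vad(0x7FF00000, 0x7FF1FFFF, PAGE_EXECUTE_WRITECOPY, r"\Windows\System32\ntdll.dll"),
    ],
)
HOLLOWED = Process(
    pid=4321, name="svchost.exe", peb_image_base=0x400000,
    peb_image_path=r"C:\Windows\System32\svchost.exe",
    vads=[
        # Original image unmapped; payload written into private RWX memory.
        Vad(0x400000, 0x41FFFF, PAGE_EXECUTE_READWRITE, None),
        Vad(0x7FF00000, 0x7FF1FFFF, PAGE_EXECUTE_WRITECOPY, r"\Windows\System32\ntdll.dll"),
    ],
)


def report(proc: Process) -> List[str]:
    """Human-readable findings for one process."""
    lines = [f"{proc.name} (pid {proc.pid}): {r}" for (_, _, r) in suspicious_regions(proc)]
    mismatch = peb_vad_mismatch(proc)
    if mismatch:
        lines.append(f"{proc.name} (pid {proc.pid}): {mismatch}")
    return lines


if __name__ == "__main__":
    for p in (BENIGN, HOLLOWED):
        for line in report(p) or [f"{p.name} (pid {p.pid}): nothing suspicious"]:
            print(line)
```

Both heuristics produce false positives on legitimate software (JIT engines and some packers allocate RWX memory; unusual loaders map images by hand), so in practice the flagged regions are dumped and inspected rather than treated as verdicts.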
☆36 Updated 8 years ago
Alternatives and similar repositories for Psinfo
Users interested in Psinfo are comparing it to the repositories listed below.
- Binary commandline executable to parse ETL files ☆67 Updated 7 years ago
- Windows link file (shortcuts) examiner ☆68 Updated last year
- TA505 unpacker Python 2.7 ☆47 Updated 5 years ago
- Transfer EIP control to shellcode during malware analysis investigation ☆75 Updated 10 years ago
- Evil Reflective DLL Injection Finder ☆47 Updated 6 years ago
- Shows command lines used by latest instances analyzed on Hybrid-Analysis ☆43 Updated 6 years ago
- Hollowfind is a Volatility plugin to detect different types of process hollowing techniques used in the wild to bypass, confuse, deflect … ☆138 Updated 2 years ago
- Steezy - Ghetto Yara Generation ☆15 Updated 2 years ago
- An advanced memory forensics framework ☆94 Updated 5 years ago
- Handy scripts to speed up malware analysis ☆35 Updated last year
- Carve files for MFT entries (eg. blkls output or memory dumps). Recovers filenames (long & short), timestamps ($STD & $FN) and data if re… ☆21 Updated 6 years ago
- Capa analysis importer for Ghidra. ☆61 Updated 4 years ago
- Parses the WMI object database....looking for persistence ☆32 Updated 5 years ago
- Modified edition of cuckoo community modules ☆32 Updated 5 years ago
- Pure Python parser for Application Compatibility Shim Databases (.sdb files) ☆108 Updated 4 years ago
- Parse Microsoft shim databases ☆30 Updated 6 months ago
- Tool to decompress data from Windows 10 page files and memory dumps, that has been compressed by the Windows 10 memory manager. ☆51 Updated 6 years ago
- Merge all Yara rules from official Yara github repository in one .yar file ☆30 Updated 7 years ago
- Generate a Yara rule to find base64-encoded files containing a specific keyword ☆40 Updated 7 years ago
- Telsy CTI Research Team ☆57 Updated 4 years ago
- Parse Windows Prefetch files: Supports XP - Windows 10 Prefetch files ☆118 Updated last year
- ConventionEngine - A Yara Rulepack for PDB Path Hunting ☆38 Updated 2 years ago
- ☆43 Updated 5 years ago
- Lazy Office Analyzer ☆122 Updated 8 years ago
- Yet another registry parser ☆132 Updated 3 years ago
- PE Import Hash Generator ☆80 Updated 7 years ago
- Userland API monitor for threat hunting ☆58 Updated 5 years ago
- Extract compressed memory pages from page-aligned data ☆45 Updated 6 years ago
- Network detector for Winnti malware ☆20 Updated 7 years ago
- CLI tool to analyze PE files ☆87 Updated 9 months ago