superponible / volatility-pluginsLinks
Plugins I've written for Volatility
☆209Updated last year
Alternatives and similar repositories for volatility-plugins
Users that are interested in volatility-plugins are comparing it to the libraries listed below
Sorting:
- Volatility plugins developed and maintained by the community☆365Updated 4 years ago
- Beta versions of my software☆263Updated 3 months ago
- Volatility profiles for Linux and Mac OS X☆329Updated 2 years ago
- RDP Bitmap Cache parser☆567Updated 8 months ago
- An advanced memory forensics framework☆96Updated 6 years ago
- PowerShell script for deobfuscating encoded PowerShell scripts☆426Updated 4 years ago
- Volatility Plugins☆64Updated 2 years ago
- Wraps around various tools and provides some additional checks/information to produce a centralized report of a PE file.☆206Updated 11 years ago
- Quickly debug shellcode extracted during malware analysis☆615Updated 2 years ago
- Cuckoo running in a nested hypervisor☆128Updated 5 years ago
- Setup scripts for my Malware Analysis VMs☆256Updated 3 years ago
- Generating YARA rules based on binary code☆216Updated 3 years ago
- Repository of yara rules☆48Updated 10 years ago
- Artifact analysis tools by JPCERT/CC Analysis Center☆463Updated last month
- Extract and Deobfuscate XLM macros (a.k.a Excel 4.0 Macros)☆582Updated last year
- Parses amcache.hve files, but with a twist!☆142Updated 8 months ago
- Web App for Volatility framework☆386Updated 2 months ago
- Hollowfind is a Volatility plugin to detect different types of process hollowing techniques used in the wild to bypass, confuse, deflect …☆141Updated 3 years ago
- Parse evtx files and detect use of the DanderSpritz eventlogedit module☆148Updated 7 years ago
- Keep track of the labs from the book "Practical Malware Analysis"☆171Updated 6 years ago
- Imaginary C2 is a python tool which aims to help in the behavioral (network) analysis of malware. Imaginary C2 hosts a HTTP server which …☆448Updated 2 years ago
- ☆304Updated 5 years ago
- A tool for detecting VBA stomping.☆100Updated 3 years ago
- Windows Shortcut file (LNK) parser☆136Updated 2 years ago
- Allows you to quickly query a Windows machine for RAM artifacts☆220Updated 5 years ago
- A tool for de-obfuscating PowerShell scripts☆71Updated 6 years ago
- EVTXtract recovers and reconstructs fragments of EVTX log files from raw binary data, including unallocated space and memory images.☆199Updated 6 months ago
- Volatility plugin to extract BitLocker Full Volume Encryption Keys (FVEK)☆70Updated 4 years ago
- Windows symbol tables for Volatility 3☆90Updated last year
- snake - a malware storage zoo☆217Updated 2 years ago