├── .gitignore ├── AFF4 ├── __init__.py └── aff4.py ├── AdamBridge ├── README.md ├── __init__.py ├── linux_xwindows.py └── ndispktscan.py ├── AleksanderOsterud ├── Capabilities-example.pdf ├── MemoryDecompression.zip └── MemoryDecompressionV09 User Guide.pdf ├── AlessandroDeVito ├── README.md ├── __init__.py ├── chrome_ragamuffin.py ├── libchrome_5803029110.py └── libchrome_600311290.py ├── AlizHammond ├── README.md └── gargoyle.py ├── AndreasSchuster ├── __init__.py └── poisonivy.py ├── AndrewCook ├── __init__.py └── saveconfig.py ├── AngeloMirabella └── README.md ├── BlaineStancill └── README.md ├── CemGurkok ├── README.md ├── __init__.py └── bitcoin.py ├── CesarePizzi ├── README.md ├── Volatility_Plugin_Powershell.pdf └── powersh.py ├── Citronneur ├── README.md └── wnf.py ├── CsabaBarta ├── README.md ├── __init__.py ├── baseline.py ├── indx.py ├── logfile.py ├── malprocfind.py └── usnjrnl.py ├── DatQuoc ├── LinuxFirefox.py ├── Readme.pdf └── __init__.py ├── DaveLasalle ├── README.md ├── __init__.py ├── apihooksdeep.py ├── chromehistory.py ├── firefoxhistory.py ├── idxparser.py ├── malfinddeep.py ├── prefetch.py ├── sqlite_help.py ├── ssdeepscan.py ├── trustrecords.py └── uninstallinfo.py ├── DavidQuesada ├── README.md └── dash_volatility.xml ├── DimaPshoul ├── DimaPshoul - Volatility Contest 2016 Submission.pdf ├── README.md ├── __init__.py ├── callstacks.py ├── malfofind.py └── malthfind.py ├── ESET_Browserhooks ├── README.md ├── __init__.py ├── browserhooks.py └── browserhooks_documentation.pdf ├── EWF ├── __init__.py └── ewf.py ├── ElmarNabigaev ├── README.md └── vmtools.py ├── EnumFunc ├── __init__.py └── enumfunc.py ├── FabienPerigaud ├── README.md ├── __init__.py └── plugx.py ├── FabioPagani ├── README.md └── volc.zip ├── FrancescoPicasso ├── README.md ├── __init__.py └── mimikatz.py ├── FrankBlock ├── README.md ├── __init__.py ├── heap_analysis.py ├── keepassx.py ├── man.txt └── zsh.py ├── GlennEdwards ├── README.md ├── __init__.py └── system_info.py ├── JPCERT ├── LICENSE.txt ├── README.md ├── __init__.py └── apt17scan.py ├── JamaalSpeights ├── README.md ├── __init__.py └── msdecompress.py ├── JamesHall_KevinBreen ├── README.md ├── __init__.py └── usbstor.py ├── JavierVallejo ├── README.md ├── __init__.py └── symbolizemod.py ├── JeffBryner ├── README.md ├── __init__.py ├── facebook.py └── twitter.py ├── JoeGreenwood ├── README.md ├── __init__.py └── attributeht.py ├── KSLGroup_Threadmap ├── README.md ├── __init__.py ├── threadmap documentation.pdf └── threadmap.py ├── KevinBreen ├── README.md ├── __init__.py └── lastpass.py ├── KudelskiSecurity ├── README.md ├── __init__.py └── dyrescan.py ├── LoicJaquemet ├── README.md ├── __init__.py └── vol_haystack.py ├── LorenzLiebler ├── 2018_volcon_liebler_pub.pdf └── apx_maps.py ├── MarianoGraziano ├── README.md ├── __init__.py └── kstackps.py ├── MichaelBrown ├── HOW_IT_WORKS.md ├── README 2.md ├── README.md ├── TODO ├── TUTORIAL.md ├── __init__.py ├── analysis │ ├── README.md │ ├── create_test_db.py │ └── data │ │ ├── firefox_recovered_places.csv │ │ ├── firefox_tables.csv │ │ ├── firefox_tables_sql.csv │ │ └── recovered_testtable.csv ├── sqlitefind.py └── sqlitetools.py ├── MikeAuty ├── __init__.py └── scanprof.py ├── MonnappaKa ├── README.md ├── __init__.py ├── ghostrat.py ├── hollowfind.py ├── linux_mem_diff.py └── psinfo.py ├── NCCGroup ├── README.md ├── __init__.py └── fwhooks.py ├── NichlasHolm ├── README.md ├── __init__.py └── carve_packets.py ├── NickGk ├── LICENSE.txt ├── README.md ├── __init__.py └── facebook_extractor.py ├── PSDispScan ├── __init__.py └── psdispscan.py ├── PageCheck ├── __init__.py └── pagecheck.py ├── PeterCasey ├── README.md ├── vis.png ├── visualizer.py └── vivedump.py ├── PhilipHuppert ├── README.md ├── __init__.py ├── openvpn.py ├── rsakey.py └── vol-livemigration │ ├── LICENSE │ ├── README.md │ ├── __init__.py │ ├── extract.py │ └── vmotion.py ├── ProcessFuzzyHash ├── ProcessFuzzyHash │ ├── README.md │ ├── __init__.py │ ├── _exceptions.py │ ├── algorithms.py │ ├── dcfldd.py │ ├── enumtypes.py │ ├── installdeps.sh │ └── processfuzzyhash.py ├── README.md ├── __init__.py └── processfuzzyhash.pdf ├── README.md ├── RopFind └── README.md ├── ShachafAtun └── README.md ├── Shemulator ├── README.md ├── shemulator.py └── shemulator_api.py ├── ShimcacheMemory ├── README.md ├── __init__.py └── shimcachemem.py ├── ShuseiTomonaga └── README.md ├── SlaviParpulev ├── __init__.py └── psempire.py ├── StanislasLejay ├── README.md ├── __init__.py ├── linux │ ├── __init__.py │ └── get_profile.py └── profilescan.py ├── TakahiroHaruyama ├── IOCs │ ├── generic │ │ ├── 10d8f887-b625-426f-b134-8147a780c369_UAC_sdb.ioc │ │ ├── 26f643d6-6af9-4691-bfc3-f1823d4e9047_code_injection_hook.ioc │ │ ├── 2823537b-8c9a-454a-8bf4-3aa5ef76ec54_information-stealing_malware.ioc │ │ ├── 2b5527f3-e5c4-4f0b-b9fc-bcd2221c313c_PIC_PEB.ioc │ │ ├── 4219a887-d10f-499f-a028-5c459b9c83d5_code_injection_API.ioc │ │ ├── 710ec573-0b07-40a0-94b6-912af3272b08_LateralMovement_process.ioc │ │ ├── 7382c170-7e66-4d72-808e-5f703f39a38d_unusual_path.ioc │ │ ├── 7cf5ca41-5e20-4ff0-8fa4-23510b04485a_PIC.ioc │ │ ├── 840ae4e7-41eb-4132-a5fe-48c910d99b96_ntfsEA_driver.ioc │ │ ├── a50223b5-b213-43e9-beac-dfe9c1ca240c_rogue_svchost.ioc │ │ ├── b28d0314-ca44-45da-97e6-be540a92d929_hollowing.ioc │ │ ├── b61f88d5-9453-469b-94cd-c5ef59c972db_ntfsEA_proc.ioc │ │ ├── b78501b8-9aca-4eda-857f-cc409e269259_LateralMovement_file_reg.ioc │ │ ├── c02075e0-c6a4-4f4b-9ad1-0a8ca9232db3_inline_api_hooks_uknown.ioc │ │ ├── c7121f8f-8401-4f92-bb02-2be6bb48c3b4_code_injection_pattern.ioc │ │ ├── cdcd5fdb-fcd3-4947-8c76-d2fbdc1b5f82_UAC_COM.ioc │ │ ├── e2bd07db-dbfd-45f8-a81d-24314516d0c6_equation_driver_generic.ioc │ │ ├── e5f73cf8-55ed-463f-81ec-70ffaf81ade9_lsass_checks.ioc │ │ └── e747cd9d-2ed5-41fe-9e6a-64b49680eeca_unusual_path_shimcache.ioc │ └── specific │ │ ├── ec7eed9a-d266-4443-9333-0234cca0f682_equation_proc.ioc │ │ └── fb4064f7-8fcd-4a81-9584-cd874c365d12_equation_driver.ioc ├── PyIOCe_templates │ ├── indicator_terms.volatility │ └── parameters.volatility ├── README.md ├── __init__.py └── openioc_scan.py ├── TeamDecepticon └── [VAC] 2018_REPORT_DECEPTICON.pdf ├── TeamMalGround └── 2018 Volatility Analysis Contest Report_MalGround.pdf ├── Team_HSLFL └── [VAC2019] Report - Team HSLFS.pdf ├── ThomasChopitea ├── README.md ├── __init__.py └── autoruns.py ├── ThomasWhite ├── README.md ├── __init__.py ├── bitlocker.py └── filevault2.py ├── TomSpencer ├── README.md ├── __init__.py └── usnparser.py ├── TranVienHa ├── README.md ├── __init__.py ├── osint.conf ├── osint.py └── whitelist.txt ├── WMDF ├── README.md └── WMDF.pdf ├── WindowsToastNotifications ├── 20190927_Toast Notifications_Writeup.pdf ├── README.md └── toastplugin.py ├── WyattRoersma ├── README.md ├── __init__.py └── hpv.py ├── YingLi ├── README.md ├── __init__.py ├── python_strings.py └── ssh_agent_key.py ├── ZeusScan ├── __init__.py └── zeusscan.py ├── __init__.py ├── aim4r ├── LICENSE.txt ├── README.md ├── VolDiff.py └── __init__.py └── itayk ├── __init__.py ├── antianalysis.py └── apifinder.py /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/.gitignore -------------------------------------------------------------------------------- /AFF4/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /AFF4/aff4.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/AFF4/aff4.py -------------------------------------------------------------------------------- /AdamBridge/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/AdamBridge/README.md -------------------------------------------------------------------------------- /AdamBridge/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /AdamBridge/linux_xwindows.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/AdamBridge/linux_xwindows.py -------------------------------------------------------------------------------- /AdamBridge/ndispktscan.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/AdamBridge/ndispktscan.py -------------------------------------------------------------------------------- /AleksanderOsterud/Capabilities-example.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/AleksanderOsterud/Capabilities-example.pdf -------------------------------------------------------------------------------- /AleksanderOsterud/MemoryDecompression.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/AleksanderOsterud/MemoryDecompression.zip -------------------------------------------------------------------------------- /AleksanderOsterud/MemoryDecompressionV09 User Guide.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/AleksanderOsterud/MemoryDecompressionV09 User Guide.pdf -------------------------------------------------------------------------------- /AlessandroDeVito/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/AlessandroDeVito/README.md -------------------------------------------------------------------------------- /AlessandroDeVito/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /AlessandroDeVito/chrome_ragamuffin.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/AlessandroDeVito/chrome_ragamuffin.py -------------------------------------------------------------------------------- /AlessandroDeVito/libchrome_5803029110.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/AlessandroDeVito/libchrome_5803029110.py -------------------------------------------------------------------------------- /AlessandroDeVito/libchrome_600311290.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/AlessandroDeVito/libchrome_600311290.py -------------------------------------------------------------------------------- /AlizHammond/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/AlizHammond/README.md -------------------------------------------------------------------------------- /AlizHammond/gargoyle.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/AlizHammond/gargoyle.py -------------------------------------------------------------------------------- /AndreasSchuster/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /AndreasSchuster/poisonivy.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/AndreasSchuster/poisonivy.py -------------------------------------------------------------------------------- /AndrewCook/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /AndrewCook/saveconfig.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/AndrewCook/saveconfig.py -------------------------------------------------------------------------------- /AngeloMirabella/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/AngeloMirabella/README.md -------------------------------------------------------------------------------- /BlaineStancill/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/BlaineStancill/README.md -------------------------------------------------------------------------------- /CemGurkok/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/CemGurkok/README.md -------------------------------------------------------------------------------- /CemGurkok/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /CemGurkok/bitcoin.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/CemGurkok/bitcoin.py -------------------------------------------------------------------------------- /CesarePizzi/README.md: -------------------------------------------------------------------------------- 1 | Author: Cesare Pizzi -------------------------------------------------------------------------------- /CesarePizzi/Volatility_Plugin_Powershell.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/CesarePizzi/Volatility_Plugin_Powershell.pdf -------------------------------------------------------------------------------- /CesarePizzi/powersh.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/CesarePizzi/powersh.py -------------------------------------------------------------------------------- /Citronneur/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/Citronneur/README.md -------------------------------------------------------------------------------- /Citronneur/wnf.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/Citronneur/wnf.py -------------------------------------------------------------------------------- /CsabaBarta/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/CsabaBarta/README.md -------------------------------------------------------------------------------- /CsabaBarta/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /CsabaBarta/baseline.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/CsabaBarta/baseline.py -------------------------------------------------------------------------------- /CsabaBarta/indx.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/CsabaBarta/indx.py -------------------------------------------------------------------------------- /CsabaBarta/logfile.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/CsabaBarta/logfile.py -------------------------------------------------------------------------------- /CsabaBarta/malprocfind.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/CsabaBarta/malprocfind.py -------------------------------------------------------------------------------- /CsabaBarta/usnjrnl.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/CsabaBarta/usnjrnl.py -------------------------------------------------------------------------------- /DatQuoc/LinuxFirefox.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/DatQuoc/LinuxFirefox.py -------------------------------------------------------------------------------- /DatQuoc/Readme.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/DatQuoc/Readme.pdf -------------------------------------------------------------------------------- /DatQuoc/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /DaveLasalle/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/DaveLasalle/README.md -------------------------------------------------------------------------------- /DaveLasalle/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /DaveLasalle/apihooksdeep.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/DaveLasalle/apihooksdeep.py -------------------------------------------------------------------------------- /DaveLasalle/chromehistory.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/DaveLasalle/chromehistory.py -------------------------------------------------------------------------------- /DaveLasalle/firefoxhistory.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/DaveLasalle/firefoxhistory.py -------------------------------------------------------------------------------- /DaveLasalle/idxparser.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/DaveLasalle/idxparser.py -------------------------------------------------------------------------------- /DaveLasalle/malfinddeep.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/DaveLasalle/malfinddeep.py -------------------------------------------------------------------------------- /DaveLasalle/prefetch.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/DaveLasalle/prefetch.py -------------------------------------------------------------------------------- /DaveLasalle/sqlite_help.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/DaveLasalle/sqlite_help.py -------------------------------------------------------------------------------- /DaveLasalle/ssdeepscan.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/DaveLasalle/ssdeepscan.py -------------------------------------------------------------------------------- /DaveLasalle/trustrecords.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/DaveLasalle/trustrecords.py -------------------------------------------------------------------------------- /DaveLasalle/uninstallinfo.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/DaveLasalle/uninstallinfo.py -------------------------------------------------------------------------------- /DavidQuesada/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/DavidQuesada/README.md -------------------------------------------------------------------------------- /DavidQuesada/dash_volatility.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/DavidQuesada/dash_volatility.xml -------------------------------------------------------------------------------- /DimaPshoul/DimaPshoul - Volatility Contest 2016 Submission.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/DimaPshoul/DimaPshoul - Volatility Contest 2016 Submission.pdf -------------------------------------------------------------------------------- /DimaPshoul/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/DimaPshoul/README.md -------------------------------------------------------------------------------- /DimaPshoul/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /DimaPshoul/callstacks.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/DimaPshoul/callstacks.py -------------------------------------------------------------------------------- /DimaPshoul/malfofind.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/DimaPshoul/malfofind.py -------------------------------------------------------------------------------- /DimaPshoul/malthfind.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/DimaPshoul/malthfind.py -------------------------------------------------------------------------------- /ESET_Browserhooks/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/ESET_Browserhooks/README.md -------------------------------------------------------------------------------- /ESET_Browserhooks/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /ESET_Browserhooks/browserhooks.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/ESET_Browserhooks/browserhooks.py -------------------------------------------------------------------------------- /ESET_Browserhooks/browserhooks_documentation.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/ESET_Browserhooks/browserhooks_documentation.pdf -------------------------------------------------------------------------------- /EWF/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /EWF/ewf.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/EWF/ewf.py -------------------------------------------------------------------------------- /ElmarNabigaev/README.md: -------------------------------------------------------------------------------- 1 | Author: Elmar Nabigaev -------------------------------------------------------------------------------- /ElmarNabigaev/vmtools.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/ElmarNabigaev/vmtools.py -------------------------------------------------------------------------------- /EnumFunc/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /EnumFunc/enumfunc.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/EnumFunc/enumfunc.py -------------------------------------------------------------------------------- /FabienPerigaud/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/FabienPerigaud/README.md -------------------------------------------------------------------------------- /FabienPerigaud/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /FabienPerigaud/plugx.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/FabienPerigaud/plugx.py -------------------------------------------------------------------------------- /FabioPagani/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/FabioPagani/README.md -------------------------------------------------------------------------------- /FabioPagani/volc.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/FabioPagani/volc.zip -------------------------------------------------------------------------------- /FrancescoPicasso/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/FrancescoPicasso/README.md -------------------------------------------------------------------------------- /FrancescoPicasso/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /FrancescoPicasso/mimikatz.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/FrancescoPicasso/mimikatz.py -------------------------------------------------------------------------------- /FrankBlock/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/FrankBlock/README.md -------------------------------------------------------------------------------- /FrankBlock/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /FrankBlock/heap_analysis.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/FrankBlock/heap_analysis.py -------------------------------------------------------------------------------- /FrankBlock/keepassx.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/FrankBlock/keepassx.py -------------------------------------------------------------------------------- /FrankBlock/man.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/FrankBlock/man.txt -------------------------------------------------------------------------------- /FrankBlock/zsh.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/FrankBlock/zsh.py -------------------------------------------------------------------------------- /GlennEdwards/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/GlennEdwards/README.md -------------------------------------------------------------------------------- /GlennEdwards/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /GlennEdwards/system_info.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/GlennEdwards/system_info.py -------------------------------------------------------------------------------- /JPCERT/LICENSE.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/JPCERT/LICENSE.txt -------------------------------------------------------------------------------- /JPCERT/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/JPCERT/README.md -------------------------------------------------------------------------------- /JPCERT/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /JPCERT/apt17scan.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/JPCERT/apt17scan.py -------------------------------------------------------------------------------- /JamaalSpeights/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/JamaalSpeights/README.md -------------------------------------------------------------------------------- /JamaalSpeights/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /JamaalSpeights/msdecompress.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/JamaalSpeights/msdecompress.py -------------------------------------------------------------------------------- /JamesHall_KevinBreen/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/JamesHall_KevinBreen/README.md -------------------------------------------------------------------------------- /JamesHall_KevinBreen/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /JamesHall_KevinBreen/usbstor.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/JamesHall_KevinBreen/usbstor.py -------------------------------------------------------------------------------- /JavierVallejo/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/JavierVallejo/README.md -------------------------------------------------------------------------------- /JavierVallejo/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /JavierVallejo/symbolizemod.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/JavierVallejo/symbolizemod.py -------------------------------------------------------------------------------- /JeffBryner/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/JeffBryner/README.md -------------------------------------------------------------------------------- /JeffBryner/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /JeffBryner/facebook.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/JeffBryner/facebook.py -------------------------------------------------------------------------------- /JeffBryner/twitter.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/JeffBryner/twitter.py -------------------------------------------------------------------------------- /JoeGreenwood/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/JoeGreenwood/README.md -------------------------------------------------------------------------------- /JoeGreenwood/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /JoeGreenwood/attributeht.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/JoeGreenwood/attributeht.py -------------------------------------------------------------------------------- /KSLGroup_Threadmap/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/KSLGroup_Threadmap/README.md -------------------------------------------------------------------------------- /KSLGroup_Threadmap/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /KSLGroup_Threadmap/threadmap documentation.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/KSLGroup_Threadmap/threadmap documentation.pdf -------------------------------------------------------------------------------- /KSLGroup_Threadmap/threadmap.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/KSLGroup_Threadmap/threadmap.py -------------------------------------------------------------------------------- /KevinBreen/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/KevinBreen/README.md -------------------------------------------------------------------------------- /KevinBreen/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /KevinBreen/lastpass.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/KevinBreen/lastpass.py -------------------------------------------------------------------------------- /KudelskiSecurity/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/KudelskiSecurity/README.md -------------------------------------------------------------------------------- /KudelskiSecurity/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /KudelskiSecurity/dyrescan.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/KudelskiSecurity/dyrescan.py -------------------------------------------------------------------------------- /LoicJaquemet/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/LoicJaquemet/README.md -------------------------------------------------------------------------------- /LoicJaquemet/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /LoicJaquemet/vol_haystack.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/LoicJaquemet/vol_haystack.py -------------------------------------------------------------------------------- /LorenzLiebler/2018_volcon_liebler_pub.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/LorenzLiebler/2018_volcon_liebler_pub.pdf -------------------------------------------------------------------------------- /LorenzLiebler/apx_maps.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/LorenzLiebler/apx_maps.py -------------------------------------------------------------------------------- /MarianoGraziano/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/MarianoGraziano/README.md -------------------------------------------------------------------------------- /MarianoGraziano/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /MarianoGraziano/kstackps.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/MarianoGraziano/kstackps.py -------------------------------------------------------------------------------- /MichaelBrown/HOW_IT_WORKS.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/MichaelBrown/HOW_IT_WORKS.md -------------------------------------------------------------------------------- /MichaelBrown/README 2.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/MichaelBrown/README 2.md -------------------------------------------------------------------------------- /MichaelBrown/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/MichaelBrown/README.md -------------------------------------------------------------------------------- /MichaelBrown/TODO: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/MichaelBrown/TODO -------------------------------------------------------------------------------- /MichaelBrown/TUTORIAL.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/MichaelBrown/TUTORIAL.md -------------------------------------------------------------------------------- /MichaelBrown/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /MichaelBrown/analysis/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/MichaelBrown/analysis/README.md -------------------------------------------------------------------------------- /MichaelBrown/analysis/create_test_db.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/MichaelBrown/analysis/create_test_db.py -------------------------------------------------------------------------------- /MichaelBrown/analysis/data/firefox_recovered_places.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/MichaelBrown/analysis/data/firefox_recovered_places.csv -------------------------------------------------------------------------------- /MichaelBrown/analysis/data/firefox_tables.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/MichaelBrown/analysis/data/firefox_tables.csv -------------------------------------------------------------------------------- /MichaelBrown/analysis/data/firefox_tables_sql.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/MichaelBrown/analysis/data/firefox_tables_sql.csv -------------------------------------------------------------------------------- /MichaelBrown/analysis/data/recovered_testtable.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/MichaelBrown/analysis/data/recovered_testtable.csv -------------------------------------------------------------------------------- /MichaelBrown/sqlitefind.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/MichaelBrown/sqlitefind.py -------------------------------------------------------------------------------- /MichaelBrown/sqlitetools.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/MichaelBrown/sqlitetools.py -------------------------------------------------------------------------------- /MikeAuty/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /MikeAuty/scanprof.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/MikeAuty/scanprof.py -------------------------------------------------------------------------------- /MonnappaKa/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/MonnappaKa/README.md -------------------------------------------------------------------------------- /MonnappaKa/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /MonnappaKa/ghostrat.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/MonnappaKa/ghostrat.py -------------------------------------------------------------------------------- /MonnappaKa/hollowfind.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/MonnappaKa/hollowfind.py -------------------------------------------------------------------------------- /MonnappaKa/linux_mem_diff.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/MonnappaKa/linux_mem_diff.py -------------------------------------------------------------------------------- /MonnappaKa/psinfo.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/MonnappaKa/psinfo.py -------------------------------------------------------------------------------- /NCCGroup/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/NCCGroup/README.md -------------------------------------------------------------------------------- /NCCGroup/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /NCCGroup/fwhooks.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/NCCGroup/fwhooks.py -------------------------------------------------------------------------------- /NichlasHolm/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/NichlasHolm/README.md -------------------------------------------------------------------------------- /NichlasHolm/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /NichlasHolm/carve_packets.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/NichlasHolm/carve_packets.py -------------------------------------------------------------------------------- /NickGk/LICENSE.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/NickGk/LICENSE.txt -------------------------------------------------------------------------------- /NickGk/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/NickGk/README.md -------------------------------------------------------------------------------- /NickGk/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /NickGk/facebook_extractor.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/NickGk/facebook_extractor.py -------------------------------------------------------------------------------- /PSDispScan/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /PSDispScan/psdispscan.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/PSDispScan/psdispscan.py -------------------------------------------------------------------------------- /PageCheck/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /PageCheck/pagecheck.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/PageCheck/pagecheck.py -------------------------------------------------------------------------------- /PeterCasey/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/PeterCasey/README.md -------------------------------------------------------------------------------- /PeterCasey/vis.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/PeterCasey/vis.png -------------------------------------------------------------------------------- /PeterCasey/visualizer.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/PeterCasey/visualizer.py -------------------------------------------------------------------------------- /PeterCasey/vivedump.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/PeterCasey/vivedump.py -------------------------------------------------------------------------------- /PhilipHuppert/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/PhilipHuppert/README.md -------------------------------------------------------------------------------- /PhilipHuppert/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /PhilipHuppert/openvpn.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/PhilipHuppert/openvpn.py -------------------------------------------------------------------------------- /PhilipHuppert/rsakey.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/PhilipHuppert/rsakey.py -------------------------------------------------------------------------------- /PhilipHuppert/vol-livemigration/LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/PhilipHuppert/vol-livemigration/LICENSE -------------------------------------------------------------------------------- /PhilipHuppert/vol-livemigration/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/PhilipHuppert/vol-livemigration/README.md -------------------------------------------------------------------------------- /PhilipHuppert/vol-livemigration/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /PhilipHuppert/vol-livemigration/extract.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/PhilipHuppert/vol-livemigration/extract.py -------------------------------------------------------------------------------- /PhilipHuppert/vol-livemigration/vmotion.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/PhilipHuppert/vol-livemigration/vmotion.py -------------------------------------------------------------------------------- /ProcessFuzzyHash/ProcessFuzzyHash/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/ProcessFuzzyHash/ProcessFuzzyHash/README.md -------------------------------------------------------------------------------- /ProcessFuzzyHash/ProcessFuzzyHash/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /ProcessFuzzyHash/ProcessFuzzyHash/_exceptions.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/ProcessFuzzyHash/ProcessFuzzyHash/_exceptions.py -------------------------------------------------------------------------------- /ProcessFuzzyHash/ProcessFuzzyHash/algorithms.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/ProcessFuzzyHash/ProcessFuzzyHash/algorithms.py -------------------------------------------------------------------------------- /ProcessFuzzyHash/ProcessFuzzyHash/dcfldd.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/ProcessFuzzyHash/ProcessFuzzyHash/dcfldd.py -------------------------------------------------------------------------------- /ProcessFuzzyHash/ProcessFuzzyHash/enumtypes.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/ProcessFuzzyHash/ProcessFuzzyHash/enumtypes.py -------------------------------------------------------------------------------- /ProcessFuzzyHash/ProcessFuzzyHash/installdeps.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/ProcessFuzzyHash/ProcessFuzzyHash/installdeps.sh -------------------------------------------------------------------------------- /ProcessFuzzyHash/ProcessFuzzyHash/processfuzzyhash.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/ProcessFuzzyHash/ProcessFuzzyHash/processfuzzyhash.py -------------------------------------------------------------------------------- /ProcessFuzzyHash/README.md: -------------------------------------------------------------------------------- 1 | Author: Iñaki Abadía and Ricardo J. Rodríguez 2 | -------------------------------------------------------------------------------- /ProcessFuzzyHash/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /ProcessFuzzyHash/processfuzzyhash.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/ProcessFuzzyHash/processfuzzyhash.pdf -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/README.md -------------------------------------------------------------------------------- /RopFind/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/RopFind/README.md -------------------------------------------------------------------------------- /ShachafAtun/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/ShachafAtun/README.md -------------------------------------------------------------------------------- /Shemulator/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/Shemulator/README.md -------------------------------------------------------------------------------- /Shemulator/shemulator.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/Shemulator/shemulator.py -------------------------------------------------------------------------------- /Shemulator/shemulator_api.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/Shemulator/shemulator_api.py -------------------------------------------------------------------------------- /ShimcacheMemory/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/ShimcacheMemory/README.md -------------------------------------------------------------------------------- /ShimcacheMemory/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /ShimcacheMemory/shimcachemem.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/ShimcacheMemory/shimcachemem.py -------------------------------------------------------------------------------- /ShuseiTomonaga/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/ShuseiTomonaga/README.md -------------------------------------------------------------------------------- /SlaviParpulev/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /SlaviParpulev/psempire.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/SlaviParpulev/psempire.py -------------------------------------------------------------------------------- /StanislasLejay/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/StanislasLejay/README.md -------------------------------------------------------------------------------- /StanislasLejay/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /StanislasLejay/linux/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /StanislasLejay/linux/get_profile.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/StanislasLejay/linux/get_profile.py -------------------------------------------------------------------------------- /StanislasLejay/profilescan.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/StanislasLejay/profilescan.py -------------------------------------------------------------------------------- /TakahiroHaruyama/IOCs/generic/10d8f887-b625-426f-b134-8147a780c369_UAC_sdb.ioc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/TakahiroHaruyama/IOCs/generic/10d8f887-b625-426f-b134-8147a780c369_UAC_sdb.ioc -------------------------------------------------------------------------------- /TakahiroHaruyama/IOCs/generic/26f643d6-6af9-4691-bfc3-f1823d4e9047_code_injection_hook.ioc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/TakahiroHaruyama/IOCs/generic/26f643d6-6af9-4691-bfc3-f1823d4e9047_code_injection_hook.ioc -------------------------------------------------------------------------------- /TakahiroHaruyama/IOCs/generic/2823537b-8c9a-454a-8bf4-3aa5ef76ec54_information-stealing_malware.ioc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/TakahiroHaruyama/IOCs/generic/2823537b-8c9a-454a-8bf4-3aa5ef76ec54_information-stealing_malware.ioc -------------------------------------------------------------------------------- /TakahiroHaruyama/IOCs/generic/2b5527f3-e5c4-4f0b-b9fc-bcd2221c313c_PIC_PEB.ioc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/TakahiroHaruyama/IOCs/generic/2b5527f3-e5c4-4f0b-b9fc-bcd2221c313c_PIC_PEB.ioc -------------------------------------------------------------------------------- /TakahiroHaruyama/IOCs/generic/4219a887-d10f-499f-a028-5c459b9c83d5_code_injection_API.ioc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/TakahiroHaruyama/IOCs/generic/4219a887-d10f-499f-a028-5c459b9c83d5_code_injection_API.ioc -------------------------------------------------------------------------------- /TakahiroHaruyama/IOCs/generic/710ec573-0b07-40a0-94b6-912af3272b08_LateralMovement_process.ioc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/TakahiroHaruyama/IOCs/generic/710ec573-0b07-40a0-94b6-912af3272b08_LateralMovement_process.ioc -------------------------------------------------------------------------------- /TakahiroHaruyama/IOCs/generic/7382c170-7e66-4d72-808e-5f703f39a38d_unusual_path.ioc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/TakahiroHaruyama/IOCs/generic/7382c170-7e66-4d72-808e-5f703f39a38d_unusual_path.ioc -------------------------------------------------------------------------------- /TakahiroHaruyama/IOCs/generic/7cf5ca41-5e20-4ff0-8fa4-23510b04485a_PIC.ioc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/TakahiroHaruyama/IOCs/generic/7cf5ca41-5e20-4ff0-8fa4-23510b04485a_PIC.ioc -------------------------------------------------------------------------------- /TakahiroHaruyama/IOCs/generic/840ae4e7-41eb-4132-a5fe-48c910d99b96_ntfsEA_driver.ioc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/TakahiroHaruyama/IOCs/generic/840ae4e7-41eb-4132-a5fe-48c910d99b96_ntfsEA_driver.ioc -------------------------------------------------------------------------------- /TakahiroHaruyama/IOCs/generic/a50223b5-b213-43e9-beac-dfe9c1ca240c_rogue_svchost.ioc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/TakahiroHaruyama/IOCs/generic/a50223b5-b213-43e9-beac-dfe9c1ca240c_rogue_svchost.ioc -------------------------------------------------------------------------------- /TakahiroHaruyama/IOCs/generic/b28d0314-ca44-45da-97e6-be540a92d929_hollowing.ioc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/TakahiroHaruyama/IOCs/generic/b28d0314-ca44-45da-97e6-be540a92d929_hollowing.ioc -------------------------------------------------------------------------------- /TakahiroHaruyama/IOCs/generic/b61f88d5-9453-469b-94cd-c5ef59c972db_ntfsEA_proc.ioc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/TakahiroHaruyama/IOCs/generic/b61f88d5-9453-469b-94cd-c5ef59c972db_ntfsEA_proc.ioc -------------------------------------------------------------------------------- /TakahiroHaruyama/IOCs/generic/b78501b8-9aca-4eda-857f-cc409e269259_LateralMovement_file_reg.ioc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/TakahiroHaruyama/IOCs/generic/b78501b8-9aca-4eda-857f-cc409e269259_LateralMovement_file_reg.ioc -------------------------------------------------------------------------------- /TakahiroHaruyama/IOCs/generic/c02075e0-c6a4-4f4b-9ad1-0a8ca9232db3_inline_api_hooks_uknown.ioc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/TakahiroHaruyama/IOCs/generic/c02075e0-c6a4-4f4b-9ad1-0a8ca9232db3_inline_api_hooks_uknown.ioc -------------------------------------------------------------------------------- /TakahiroHaruyama/IOCs/generic/c7121f8f-8401-4f92-bb02-2be6bb48c3b4_code_injection_pattern.ioc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/TakahiroHaruyama/IOCs/generic/c7121f8f-8401-4f92-bb02-2be6bb48c3b4_code_injection_pattern.ioc -------------------------------------------------------------------------------- /TakahiroHaruyama/IOCs/generic/cdcd5fdb-fcd3-4947-8c76-d2fbdc1b5f82_UAC_COM.ioc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/TakahiroHaruyama/IOCs/generic/cdcd5fdb-fcd3-4947-8c76-d2fbdc1b5f82_UAC_COM.ioc -------------------------------------------------------------------------------- /TakahiroHaruyama/IOCs/generic/e2bd07db-dbfd-45f8-a81d-24314516d0c6_equation_driver_generic.ioc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/TakahiroHaruyama/IOCs/generic/e2bd07db-dbfd-45f8-a81d-24314516d0c6_equation_driver_generic.ioc -------------------------------------------------------------------------------- /TakahiroHaruyama/IOCs/generic/e5f73cf8-55ed-463f-81ec-70ffaf81ade9_lsass_checks.ioc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/TakahiroHaruyama/IOCs/generic/e5f73cf8-55ed-463f-81ec-70ffaf81ade9_lsass_checks.ioc -------------------------------------------------------------------------------- /TakahiroHaruyama/IOCs/generic/e747cd9d-2ed5-41fe-9e6a-64b49680eeca_unusual_path_shimcache.ioc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/TakahiroHaruyama/IOCs/generic/e747cd9d-2ed5-41fe-9e6a-64b49680eeca_unusual_path_shimcache.ioc -------------------------------------------------------------------------------- /TakahiroHaruyama/IOCs/specific/ec7eed9a-d266-4443-9333-0234cca0f682_equation_proc.ioc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/TakahiroHaruyama/IOCs/specific/ec7eed9a-d266-4443-9333-0234cca0f682_equation_proc.ioc -------------------------------------------------------------------------------- /TakahiroHaruyama/IOCs/specific/fb4064f7-8fcd-4a81-9584-cd874c365d12_equation_driver.ioc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/TakahiroHaruyama/IOCs/specific/fb4064f7-8fcd-4a81-9584-cd874c365d12_equation_driver.ioc -------------------------------------------------------------------------------- /TakahiroHaruyama/PyIOCe_templates/indicator_terms.volatility: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/TakahiroHaruyama/PyIOCe_templates/indicator_terms.volatility -------------------------------------------------------------------------------- /TakahiroHaruyama/PyIOCe_templates/parameters.volatility: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/TakahiroHaruyama/PyIOCe_templates/parameters.volatility -------------------------------------------------------------------------------- /TakahiroHaruyama/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/TakahiroHaruyama/README.md -------------------------------------------------------------------------------- /TakahiroHaruyama/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /TakahiroHaruyama/openioc_scan.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/TakahiroHaruyama/openioc_scan.py -------------------------------------------------------------------------------- /TeamDecepticon/[VAC] 2018_REPORT_DECEPTICON.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/TeamDecepticon/[VAC] 2018_REPORT_DECEPTICON.pdf -------------------------------------------------------------------------------- /TeamMalGround/2018 Volatility Analysis Contest Report_MalGround.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/TeamMalGround/2018 Volatility Analysis Contest Report_MalGround.pdf -------------------------------------------------------------------------------- /Team_HSLFL/[VAC2019] Report - Team HSLFS.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/Team_HSLFL/[VAC2019] Report - Team HSLFS.pdf -------------------------------------------------------------------------------- /ThomasChopitea/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/ThomasChopitea/README.md -------------------------------------------------------------------------------- /ThomasChopitea/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /ThomasChopitea/autoruns.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/ThomasChopitea/autoruns.py -------------------------------------------------------------------------------- /ThomasWhite/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/ThomasWhite/README.md -------------------------------------------------------------------------------- /ThomasWhite/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /ThomasWhite/bitlocker.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/ThomasWhite/bitlocker.py -------------------------------------------------------------------------------- /ThomasWhite/filevault2.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/ThomasWhite/filevault2.py -------------------------------------------------------------------------------- /TomSpencer/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/TomSpencer/README.md -------------------------------------------------------------------------------- /TomSpencer/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /TomSpencer/usnparser.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/TomSpencer/usnparser.py -------------------------------------------------------------------------------- /TranVienHa/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/TranVienHa/README.md -------------------------------------------------------------------------------- /TranVienHa/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /TranVienHa/osint.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/TranVienHa/osint.conf -------------------------------------------------------------------------------- /TranVienHa/osint.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/TranVienHa/osint.py -------------------------------------------------------------------------------- /TranVienHa/whitelist.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/TranVienHa/whitelist.txt -------------------------------------------------------------------------------- /WMDF/README.md: -------------------------------------------------------------------------------- 1 | Author: Hemant Kumar and Sajeev Nair 2 | 3 | See goo.gl/XC177B to download the framework -------------------------------------------------------------------------------- /WMDF/WMDF.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/WMDF/WMDF.pdf -------------------------------------------------------------------------------- /WindowsToastNotifications/20190927_Toast Notifications_Writeup.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/WindowsToastNotifications/20190927_Toast Notifications_Writeup.pdf -------------------------------------------------------------------------------- /WindowsToastNotifications/README.md: -------------------------------------------------------------------------------- 1 | Author: Rolf Govers and Max de Bruijn -------------------------------------------------------------------------------- /WindowsToastNotifications/toastplugin.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/WindowsToastNotifications/toastplugin.py -------------------------------------------------------------------------------- /WyattRoersma/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/WyattRoersma/README.md -------------------------------------------------------------------------------- /WyattRoersma/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /WyattRoersma/hpv.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/WyattRoersma/hpv.py -------------------------------------------------------------------------------- /YingLi/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/YingLi/README.md -------------------------------------------------------------------------------- /YingLi/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /YingLi/python_strings.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/YingLi/python_strings.py -------------------------------------------------------------------------------- /YingLi/ssh_agent_key.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/YingLi/ssh_agent_key.py -------------------------------------------------------------------------------- /ZeusScan/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /ZeusScan/zeusscan.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/ZeusScan/zeusscan.py -------------------------------------------------------------------------------- /__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /aim4r/LICENSE.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/aim4r/LICENSE.txt -------------------------------------------------------------------------------- /aim4r/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/aim4r/README.md -------------------------------------------------------------------------------- /aim4r/VolDiff.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/aim4r/VolDiff.py -------------------------------------------------------------------------------- /aim4r/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /itayk/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /itayk/antianalysis.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/itayk/antianalysis.py -------------------------------------------------------------------------------- /itayk/apifinder.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/teamdfir/volatility-plugins-community/HEAD/itayk/apifinder.py --------------------------------------------------------------------------------