Lucene search
K

61 matches found

FireEye
FireEye
added 2019/07/25 12:0 a.m.17 views

Finding Evil in Windows 10 Compressed Memory, Part One: Volatility and Rekall Tools

Paging all digital forensicators, incident responders, and memory manager enthusiasts! Have you ever found yourself at a client site working around the clock to extract evil from a Windows 10 image? Have you hit the wall at step zero, running into difficulties viewing a process tree, or enumerati...

6.4AI score
Exploits0References10
Kitploit
Kitploit
added 2019/02/09 8:47 p.m.446 views

Volatility Workbench - A GUI For Volatility Memory Forensics

Volatility Workbench is a graphical user interface GUI for the Volatility tool. Volatility is a command line memory analysis and forensics tool for extracting artifacts from memory dumps. Volatility Workbench is free, open source and runs in Windows. It provides a number of advantages over the...

7.2AI score
Exploits0
Kitploit
Kitploit
added 2019/01/29 12:48 p.m.102 views

CIRTKit - Tools For The Computer Incident Response Team

One DFIR console to rule them all. Built on top of theViper Framework Documentation Please see the wiki for more information about CIRTKit and documentation Roadmap Future integrations Bit9 Palo Alto Networks EnCase/FTK Future modules Packet Analysis possibly Dshell Javascript...

6.7AI score
Exploits0References3
n0where
n0where
added 2018/07/10 6:24 p.m.33 views

Query Windows Machine for RAM Artifacts: memtriage

Allows you to quickly query a live Windows machine for RAM artifacts. This tool utilizes the Winpmem drivers to access physical memory, and Volatility for analysis. Caveats: Doesn’t work with Device Guard enabled. Should be tested on machines before deploying. Example Usage usage: memtriage.exe -...

6.9AI score
Exploits0References3
Kitploit
Kitploit
added 2018/05/17 1:30 p.m.14 views

Linux Screenshot XWindows - Volatility Plugin To Extract X Screenshots From A Memory Dump

The goal of this volatility plugin is to extract a screenshot of all open X windows from a memory dump. Overview The plugin first dumps the X server memory mappings. These mappings are then given in input to a C program loader, along with the output of Adam's plugin. This C program mmaps with the...

7.5AI score
Exploits0References1
The Hacker News
The Hacker News
added 2018/01/26 8:8 a.m.164 views

Someone Stole Almost Half a BILLION Dollars from Japanese Cryptocurrency Exchange

Coincheck, a Tokyo-based cryptocurrency exchange, has suffered what appears to be the biggest hack in the history of cryptocurrencies, losing $532 million in digital assets nearly $420 million in NEM tokens and $112 in Ripples. In 2014, Mt Gox, one of the largest bitcoin exchange at that time,...

6.8AI score
Exploits0
Talos Blog
Talos Blog
added 2017/11/22 5:18 a.m.45 views

Talos Wins The 5th Volatility Plugin Contest With Pyrebox

Talos has won this year's 5th Volatility plugin contest with Pyrebox. Volatility is a well-known open-source framework designed to analyze operating system memory. The framework has existed since 2007. For the previous 5 years they have run a plugin contest to find the most innovative, interestin...

6.7AI score
Exploits0
Kitploit
Kitploit
added 2017/09/12 9:0 p.m.19 views

LiMEaide - Tool to remotely dump RAM of a Linux client

LiMEaide is a python application designed to remotely dump RAM of a Linux client and create a volatility profile for later analysis on your local host. I hope that this will simplify Linux digital forensics in a remote environment. In order to use LiMEaide all you need to do is feed a remote Linu...

6.8AI score
Exploits0References7
n0where
n0where
added 2017/09/06 3:59 a.m.28 views

Remotely Dump Linux RAM: LiMEaide

LiMEaide is a python application designed to remotely dump RAM of a Linux client and create a volatility profile for later analysis on your local host. I hope that this will simplify Linux digital forensics in a remote environment. In order to use LiMEaide all you need to do is feed a remote Linu...

0.1AI score
Exploits0References4
n0where
n0where
added 2017/08/07 9:56 p.m.21 views

Automated Privilege Escalation: portia

Portia aims to automate a number of techniques commonly performed on internal network penetration tests after a low privileged account has been compromised Privilege escalation Lateral movement Convenience modules Portia is a genus of jumping spider that feeds on other spiders – known for their...

1AI score
Exploits0References1
The Hacker News
The Hacker News
added 2017/01/04 8:48 p.m.13 views

Bitcoin Price Jumps Above $1150 — Highest in last 3 Years

What a good start of the New Year for those holding Bitcoins! Web-based digital currency Bitcoin has passed $1,110 for the first time on the Bitstamp Price Index BPI since early November 2013. Bitcoin broke the barrier on 1 January and now is trading above $1,150 mark at the time of writing,...

6.9AI score
Exploits0
Kitploit
Kitploit
added 2016/10/21 2:21 p.m.139 views

ir-rescue - A Windows Batch Script To Comprehensively Collect Host Forensic Data

ir-rescue is a lightweight Windows Batch script that collects a myriad of forensic data from 32-bit and 64-bit Windows systems while respecting the order of volatility and artifacts that are changed with the execution of the script e.g. , prefetch files. It is intended for incident response use a...

7AI score
Exploits0References5
n0where
n0where
added 2016/09/19 8:43 p.m.184 views

Windows Forensic Data Collection: IR-rescue

Windows Forensic Data Collection ir-rescue is a Windows Batch script that collects a myriad of forensic data from 32-bit and 64-bit Windows systems while respecting the order of volatility. It is intended for incident response use at different stages in the analysis and investigation process. It...

6.6AI score
Exploits0References3
n0where
n0where
added 2016/02/29 6:17 p.m.44 views

Analyzing Linux Malware Sandbox: Limon

Limon is a sandbox developed as a research project written in python, which automatically collects, analyzes, and reports on the run time indicators of Linux malware. It allows one to inspect the Linux malware before execution, during execution, and after execution post-mortem analysis by...

7.6AI score
Exploits0References2
n0where
n0where
added 2016/02/25 6:44 p.m.30 views

Android Pentesting Portable Integrated Environment: Appie

Appie is a software package that has been pre-configured to function as an Android Pentesting Environment on any windows based machine without the need of a Virtual MachineVM or dualboot. It is completely portable and can be carried on USB stick or your smartphone. It is one of its kind Android...

0.9AI score
Exploits0References8
Kitploit
Kitploit
added 2015/12/21 10:16 p.m.31 views

YaVol - GUI for Volatility Framework and Yara

This is just another GUI for volatility and yara which could make someone's life easier. It is inteded for Incident responders for quick examination of a memory image. Results are stored in sqlite db for reuse. 1. Installation Clone repo git clone https://[email protected]/Ft44k/yavol.git...

7AI score
Exploits0References2
Kitploit
Kitploit
added 2014/11/20 9:47 p.m.14 views

DAMM - Differential Analysis of Malware in Memory

An open source memory analysis tool built on top of Volatility. It is meant as a proving ground for interesting new techniques to be made available to the community. These techniques are an attempt to speed up the investigation process through data reduction and codifying some expert knowledge...

6.9AI score
Exploits0References1
Kitploit
Kitploit
added 2014/10/09 1:51 a.m.18 views

CAINE 6.0 "Dark Matter" - Distribution with a complete forensic environment

CAINE Computer Aided INvestigative Environment is an Italian GNU/Linux live distribution created as a project of Digital Forensics. Currently the project manager is Nanni Bassetti. CAINE offers a complete forensic environment that is organized to integrate existing software tools as software...

7.3AI score
Exploits0
Kitploit
Kitploit
added 2014/06/26 3:42 p.m.34 views

Smart Pentester - An SSH based Penetration Testing Framework

Smart Pentester is an SSH based Penetration Testing Framework. It provides a GUI for well known tools like nmap, hping, tcpdump, volatility, hydra and etc. Smart Pentester Framework will provide you a User Interface for Penetration testing, Malware Analysis, Forensic Analysis, Cyber Intelligence,...

7.4AI score
Exploits0
Kitploit
Kitploit
added 2013/11/09 12:44 a.m.20 views

[Volatility v2.3] The advanced memory forensics framework (Support of OSX)

The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory RAM samples. The extraction techniques are performed completely independent of the system being investigated...

7.1AI score
Exploits0
Rows per page
Query Builder