community
Volatility plugins developed and maintained by the community
Created a new plugin to list namespaces and relative processes given a memory dump.
This adds another class named `Ice9Scan` to `ZeusScan/zeusscan.py`. This new class provides the custom RC4 routine tailored to Ice9-malware, which is a slightly adapted Zeus derivative.
```
C:\Users\testaccount\distorm>python setup.py --verbose build
running build
running build_py
not copying python\distorm3\_generated.py (output up-to-date)
not copying python\distorm3\__init__.py (output up-to-date)
not copying python\distorm3\__main__.py (output up-to-date)
running build_ext
Importing new compiler from distutils.msvc9compiler...
```
I copied your code and imported it into Volatility, but there seems to be a problem. Can you help me?
## My Issue is: I am running the Volatility Windows exe on a Windows 7 machine. Whenever I try matching multiple YARA rules against a memory dump file by running the following...
Plugin modified to be able to use unified output
The output of `vol.py --plugins=path/to/ndispktscan -f memory.dmp --profile=Win7SP1x64 ndispktscan` is shown on the terminal, and it is difficult to process the data if we save the output to a text file or...
In file community/DatQuoc/LinuxFirefox.py:

```python
class Linux_FFHis(linux_common.AbstractLinuxCommand):
    """Listing History of FireFox Browser"""

    def __init__(self, config, *args, **kwargs):
        linux_common.AbstractLinuxCommand.__init__(self, config, *args, **kwargs)

    def calculate(self):
        address_space = utils.load_as(self._config, astype='physical')
        row_avaiable = []
        needles...
```