community

Volatility plugins developed and maintained by the community

Results 15 community issues

Created a new plugin to list namespaces and relative processes given a memory dump.

This adds another class named `Ice9Scan` to `ZeusScan/zeusscan.py`. This new class provides the custom RC4 routine tailored to Ice9-malware, which is a slightly adapted Zeus derivative.

```
C:\Users\testaccount\distorm>python setup.py --verbose build
running build
running build_py
not copying python\distorm3\_generated.py (output up-to-date)
not copying python\distorm3\__init__.py (output up-to-date)
not copying python\distorm3\__main__.py (output up-to-date)
running build_ext
Importing new compiler from distutils.msvc9compiler...
```

I copied your code and imported it into Volatility, but there seems to be a problem. Can you help me? ![image](https://user-images.githubusercontent.com/63699609/80273141-542ad900-8702-11ea-95a8-be865bf85027.png)

## My Issue is: I am running the Volatility Windows exe on a Windows 7 machine. Whenever I try matching multiple YARA rules against a memory dump file by running following...

Plugin modified to be able to use unified output

'vol.py --plugins=path/to/ndispktscan -f memory.dmp --profile=Win7SP1x64 ndispktscan' output is showing on the terminal and it is difficult to process the data if we save the output to a text file or...

In file community/DatQuoc/LinuxFirefox.py:

```python
class Linux_FFHis(linux_common.AbstractLinuxCommand):
    """Listing History of FireFox Browser"""

    def __init__(self,config, *args, **kwargs):
        linux_common.AbstractLinuxCommand.__init__(self, config, *args, **kwargs)

    def calculate(self):
        address_space = utils.load_as(self._config, astype = 'physical')
        row_avaiable = []
        needles...
```