Loki
volatility
Loki | volatility | |
---|---|---|
12 | 18 | |
3,226 | 6,935 | |
- | 1.1% | |
5.7 | 0.0 | |
2 months ago | 11 months ago | |
Python | Python | |
GNU General Public License v3.0 only | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Loki
-
My Boss Downloaded and Opened a .lnk File and Installed a Malware in His Device
You should run a tool like loki for ioc scanning. This will identify persistence https://github.com/Neo23x0/Loki
-
Deep system malware detection
Link to Loki is here just in case you need it. https://github.com/Neo23x0/Loki
-
What are some of the most frequently used (or favorite) tools in your toolbox?
Loki - YARA/IOC scanner
-
PChunter equivalent on Linux?
loki
- Rage about CVE dataset quality(?)
-
Cybersecurity professionals - what’s your “toolkit”/process to check a desktop PC is clean (or infected), before concluding that a reinstall of the OS is needed?
https://github.com/Neo23x0/Loki is a good tool to check for the presence of anomalies.
-
Which rootkit scanner to use in a could environment ?
Nextron Thor Scanner
-
Proxyshell Vulnerability is Actively used in Exchange servers
Loki - Yara Scanning is recommended for checking the webshell https://github.com/Neo23x0/Loki
-
Question about spyware
I am not an expert, but this is what I would start by doing. Ideally, if you can read javascript, try and understand what the tampermonkey script does. If you still have script, you could try analysing it with tools such as loki. Even if loki doesnt match it you could compute the sha256 signature and look it up on valhalla.
- Is it possible to write an antivirus in python?
volatility
-
What is the appropriate uncompressed kernel ELF to use with dwarf2json? [ 5.19.0-42-generic #43~22.04.1-Ubuntu ], in order to create generate a custom symbols table to conduct linux memory forensics on Ubuntu 22.04?
I need this to create generate a custom symbols table (using dwarf2json), in order to run a memory dump acquired by Ubuntu 22.04, as Ubuntu 22.04 kernel does not work anymore with volatility 2 (Issue here: volatilityfoundation/volatility#828)
-
volatility memory analysis ep.8 – linux/mac Q!
Take a look at this link and specifically note how the profiles are named, especially Ubuntu - https://github.com/volatilityfoundation/volatility/wiki/Linux-Command-Reference
-
Dump file without a extension
I think the typical tool for analyzing OS memory dumps is Volatility but I can't give you a course in how to use it, that is supposedly what your school should be doing.
- memory dump with FTK Imager
-
How to inspect a Linux machine
Analyzing memory dumps can be hard, especially at the beginning. You might want to use comprehensive Frameworks like volatility.
-
Does anyone know why volatility isnt working?
git clone https://github.com/volatilityfoundation/volatility.git whenever i want to run something I get PS C:\Users\czare_000\python-course-for-beginners\bs4\volatility> & C:/Users/czare_000/AppData/Local/Programs/Python/Python310/python.exe c:/Users/czare_000/python-course-for-beginners/bs4/volatility/volatility/debug.py Traceback (most recent call last): File "c:\Users\czare_000\python-course-for-beginners\bs4\volatility\volatility\debug.py", line 27, in import volatility.conf ModuleNotFoundError: No module named 'volatility' or i also get except Exception, e: ^^^^^^^^^^^^ SyntaxError: multiple exception types must be parenthesized
-
Analyzing raw image
Volatility is python based so you will need to install it and volatility's required dependencies. You can find the install instructions here https://github.com/volatilityfoundation/volatility
-
PChunter equivalent on Linux?
volatility - Version 2 Version 3
- How do you work on memory analysis nowadays? Discussion about the Volatility status.
-
RAM Memory Analysis volatility
The volatility wiki should have instructions you need. Just follow the steps here (https://github.com/volatilityfoundation/volatility/wiki/Linux#making-the-profile)
What are some alternatives?
yara - The pattern matching swiss knife
shellbags - Cross-platform, open-source shellbag parser
reversinglabs-yara-rules - ReversingLabs YARA Rules
binwalk - Firmware Analysis Tool [Moved to: https://github.com/ReFirmLabs/binwalk]
signature-base - YARA signature and IOC database for my scanners and tools
volatility3 - Volatility 3.0 development
hazedumper - up to date csgo offsets and hazedumper config
MalConfScan - Volatility plugin for extracts configuration data of known malware
Veil-Evasion - Veil Evasion is no longer supported, use Veil 3.0!
picoCTF - The platform used to run picoCTF 2019.
pyHanko - pyHanko: sign and stamp PDF files
radare2 - UNIX-like reverse engineering framework and command-line toolset [Moved to: https://github.com/radareorg/radare2]