This repository contains a set of plugins for Volatility 3

Related tags

Financevolatility_plugins
Overview

volatility_plugins

This repository contains a set of plugins for Volatility 3 These plugins are not compatible with Volatility 2

To use these plugins you will need to use the -p /path/to/volatility_pugins as a command line option when running vol for specific usages please refer to each individual plugin.

Cobaltstrike

This plugin has the following components.

Configuration Extraction

This plugin will scan all process in active memory for signs of a Cobalt Strike Configuration block, if found it will attempt to parse and extract relevant information.

We do not render the full configuration only select elements. A future update will expand the presented fields.

Examples

Scan and output in to JSON format

vol -r json -f Server16-CobaltStrike.raw -p ./volatility_plugins/ cobaltstrike

Volatility 3 Framework 2.0.0
Progress:  100.00		PDB scanning finished                        
[
  {
    "Jitter": 0,
    "License ID": xxxxxxxxxx,
    "PID": 4396,
    "POST_PATH": "",
    "Pipe": "\\\\.\\pipe\\msagent_89",
    "Port": 4444,
    "Process": "ShellExperienc",
    "Server": "",
    "Sleep": 10000,
    "__children": [],
    "x64 Install_Path": "%windir%\\sysnative\\rundll32.exe",
    "x86 Install_Path": "%windir%\\syswow64\\rundll32.exe"
  },
  {
    "Jitter": 0,
    "License ID": xxxxxxxxxx,
    "PID": 4396,
    "POST_PATH": "",
    "Pipe": "\\\\.\\pipe\\msagent_89",
    "Port": 4444,
    "Process": "ShellExperienc",
    "Server": "",
    "Sleep": 10000,
    "__children": [],
    "x64 Install_Path": "%windir%\\sysnative\\rundll32.exe",
    "x86 Install_Path": "%windir%\\syswow64\\rundll32.exe"
  },
  {
    "Jitter": 0,
    "License ID": xxxxxxxxxx,
    "PID": 4604,
    "POST_PATH": "/submit.php",
    "Pipe": "",
    "Port": 443,
    "Process": "rundll32.exe",
    "Server": "yellowzinc.corp,/ca",
    "Sleep": 5000,
    "__children": [],
    "x64 Install_Path": "%windir%\\sysnative\\rundll32.exe",
    "x86 Install_Path": "%windir%\\syswow64\\rundll32.exe"
  }
]

Scan and output in table format

vol -r pretty -f Server16-CobaltStrike.raw -p ./volatility_plugins/ cobaltstrike

Volatility 3 Framework 2.0.0
Formatting...0.00		PDB scanning finished                        
  |  PID |        Process | Port | Sleep | Jitter |            Server |   POST_PATH |               x86 Install_Path |                x64 Install_Path |                Pipe | License ID
* | 4396 | ShellExperienc | 4444 | 10000 |      0 |                   |             | %windir%\syswow64\rundll32.exe | %windir%\sysnative\rundll32.exe | \\.\pipe\msagent_89 | xxxxxxxxxx
* | 4396 | ShellExperienc | 4444 | 10000 |      0 |                   |             | %windir%\syswow64\rundll32.exe | %windir%\sysnative\rundll32.exe | \\.\pipe\msagent_89 | xxxxxxxxxx
* | 4604 |   rundll32.exe |  443 |  5000 |      0 | yellowzinc.corp,/ca | /submit.php | %windir%\syswow64\rundll32.exe | %windir%\sysnative\rundll32.exe |                     | xxxxxxxxxx
Owner
Immersive-Labs-Sec
Immersive-Labs-Sec
GitHub Repository
Python Backtesting library for trading strategies

backtrader Yahoo API Note: [2018-11-16] After some testing it would seem that data downloads can be again relied upon over the web interface (or API v

DRo 9.8k Dec 30, 2022
Indicator divergence library for python

Indicator divergence library This module aims to help to find bullish/bearish divergences (regular or hidden) between two indicators using argrelextre

8 Dec 13, 2022
Portfolio and risk analytics in Python

pyfolio pyfolio is a Python library for performance and risk analysis of financial portfolios developed by Quantopian Inc. It works well with the Zipl

Quantopian, Inc. 4.8k Jan 08, 2023
An open source reinforcement learning framework for training, evaluating, and deploying robust trading agents.

TensorTrade: Trade Efficiently with Reinforcement Learning TensorTrade is still in Beta, meaning it should be used very cautiously if used in producti

4k Dec 30, 2022
Performance analysis of predictive (alpha) stock factors

Alphalens Alphalens is a Python Library for performance analysis of predictive (alpha) stock factors. Alphalens works great with the Zipline open sour

Quantopian, Inc. 2.5k Dec 28, 2022
Find big moving stocks before they move using machine learning and anomaly detection

Surpriver - Find High Moving Stocks before they Move Find high moving stocks before they move using anomaly detection and machine learning. Surpriver

Tradytics 1.5k Dec 31, 2022
This repository provides all Python codes and Jupyter Notebooks of the book Python for Finance

Python for Finance (O'Reilly) This repository provides all Python codes and Jupyter Notebooks of the book Python for Finance -- Analyze Big Financial

Yves Hilpisch 1.6k Jan 03, 2023
A python wrapper for Alpha Vantage API for financial data.

alpha_vantage Python module to get stock data/cryptocurrencies from the Alpha Vantage API Alpha Vantage delivers a free API for real time financial da

Romel Torres 3.8k Jan 07, 2023
High-performance TensorFlow library for quantitative finance.

TF Quant Finance: TensorFlow based Quant Finance Library Table of contents Introduction Installation TensorFlow training Development roadmap Examples

Google 3.5k Jan 01, 2023
Common financial technical indicators implemented in Pandas.

FinTA (Financial Technical Analysis) Common financial technical indicators implemented in Pandas. This is work in progress, bugs are expected and resu

1.8k Dec 31, 2022
Common financial risk and performance metrics. Used by zipline and pyfolio.

empyrical Common financial risk metrics. Table of Contents Installation Usage Support Contributing Testing Installation pip install empyrical Usage S

Quantopian, Inc. 1k Dec 26, 2022
An Algorithmic Trading Library for Crypto-Assets in Python

Service Master Develop CI Badge Catalyst is an algorithmic trading library for crypto-assets written in Python. It allows trading strategies to be eas

Enigma 2.4k Jan 05, 2023
Supply a wrapper ``StockDataFrame`` based on the ``pandas.DataFrame`` with inline stock statistics/indicators support.

Stock Statistics/Indicators Calculation Helper VERSION: 0.3.2 Introduction Supply a wrapper StockDataFrame based on the pandas.DataFrame with inline s

Cedric Zhuang 1.1k Dec 28, 2022
:mag_right: :chart_with_upwards_trend: :snake: :moneybag: Backtest trading strategies in Python.

Backtesting.py Backtest trading strategies with Python. Project website Documentation the project if you use it. Installation $ pip install backtestin

3.1k Dec 31, 2022
Fourth and final milestone project

Milestone Project 4: Pound Dog Click link to visit "Pound Dog" Aim of the project The aim of this project is to provide access to a website informing

Jamie Wilson 1 Oct 31, 2021
Github.com/CryptoSignal - #1 Quant Trading & Technical Analysis Bot - 2,100 + stars, 580 + forks

CryptoSignal - #1 Quant Trading & Technical Analysis Bot - 2,100 + stars, 580 + forks https://github.com/CryptoSignal/Crypto-Signal Development state:

Github.com/Signal - 2,100 + stars, 580 + forks 4.2k Jan 01, 2023
Python Algorithmic Trading Library

PyAlgoTrade PyAlgoTrade is an event driven algorithmic trading Python library. Although the initial focus was on backtesting, paper trading is now pos

Gabriel Becedillas 3.9k Jan 01, 2023
Technical Analysis Library using Pandas and Numpy

Technical Analysis Library in Python It is a Technical Analysis library useful to do feature engineering from financial time series datasets (Open, Cl

Darío López Padial 3.4k Jan 02, 2023
bt - flexible backtesting for Python

bt - Flexible Backtesting for Python bt is currently in alpha stage - if you find a bug, please submit an issue. Read the docs here: http://pmorissett

Philippe Morissette 1.6k Jan 05, 2023
A banking system is a group or network of institutions that provide financial services for us

A banking system is a group or network of institutions that provide financial services for us. These institutions are responsible for operating a payment system, providing loans, taking deposits, and

UTTKARSH PARMAR 1 Oct 24, 2021