This repository contains a set of plugins for Volatility 3

Related tags

Financevolatility_plugins
Overview

volatility_plugins

This repository contains a set of plugins for Volatility 3 These plugins are not compatible with Volatility 2

To use these plugins you will need to use the -p /path/to/volatility_pugins as a command line option when running vol for specific usages please refer to each individual plugin.

Cobaltstrike

This plugin has the following components.

Configuration Extraction

This plugin will scan all process in active memory for signs of a Cobalt Strike Configuration block, if found it will attempt to parse and extract relevant information.

We do not render the full configuration only select elements. A future update will expand the presented fields.

Examples

Scan and output in to JSON format

vol -r json -f Server16-CobaltStrike.raw -p ./volatility_plugins/ cobaltstrike

Volatility 3 Framework 2.0.0
Progress:  100.00		PDB scanning finished                        
[
  {
    "Jitter": 0,
    "License ID": xxxxxxxxxx,
    "PID": 4396,
    "POST_PATH": "",
    "Pipe": "\\\\.\\pipe\\msagent_89",
    "Port": 4444,
    "Process": "ShellExperienc",
    "Server": "",
    "Sleep": 10000,
    "__children": [],
    "x64 Install_Path": "%windir%\\sysnative\\rundll32.exe",
    "x86 Install_Path": "%windir%\\syswow64\\rundll32.exe"
  },
  {
    "Jitter": 0,
    "License ID": xxxxxxxxxx,
    "PID": 4396,
    "POST_PATH": "",
    "Pipe": "\\\\.\\pipe\\msagent_89",
    "Port": 4444,
    "Process": "ShellExperienc",
    "Server": "",
    "Sleep": 10000,
    "__children": [],
    "x64 Install_Path": "%windir%\\sysnative\\rundll32.exe",
    "x86 Install_Path": "%windir%\\syswow64\\rundll32.exe"
  },
  {
    "Jitter": 0,
    "License ID": xxxxxxxxxx,
    "PID": 4604,
    "POST_PATH": "/submit.php",
    "Pipe": "",
    "Port": 443,
    "Process": "rundll32.exe",
    "Server": "yellowzinc.corp,/ca",
    "Sleep": 5000,
    "__children": [],
    "x64 Install_Path": "%windir%\\sysnative\\rundll32.exe",
    "x86 Install_Path": "%windir%\\syswow64\\rundll32.exe"
  }
]

Scan and output in table format

vol -r pretty -f Server16-CobaltStrike.raw -p ./volatility_plugins/ cobaltstrike

Volatility 3 Framework 2.0.0
Formatting...0.00		PDB scanning finished                        
  |  PID |        Process | Port | Sleep | Jitter |            Server |   POST_PATH |               x86 Install_Path |                x64 Install_Path |                Pipe | License ID
* | 4396 | ShellExperienc | 4444 | 10000 |      0 |                   |             | %windir%\syswow64\rundll32.exe | %windir%\sysnative\rundll32.exe | \\.\pipe\msagent_89 | xxxxxxxxxx
* | 4396 | ShellExperienc | 4444 | 10000 |      0 |                   |             | %windir%\syswow64\rundll32.exe | %windir%\sysnative\rundll32.exe | \\.\pipe\msagent_89 | xxxxxxxxxx
* | 4604 |   rundll32.exe |  443 |  5000 |      0 | yellowzinc.corp,/ca | /submit.php | %windir%\syswow64\rundll32.exe | %windir%\sysnative\rundll32.exe |                     | xxxxxxxxxx
Owner
Immersive-Labs-Sec
Immersive-Labs-Sec
GitHub Repository
Portfolio and risk analytics in Python

pyfolio pyfolio is a Python library for performance and risk analysis of financial portfolios developed by Quantopian Inc. It works well with the Zipl

Quantopian, Inc. 4.8k Jan 08, 2023
A python wrapper for Alpha Vantage API for financial data.

alpha_vantage Python module to get stock data/cryptocurrencies from the Alpha Vantage API Alpha Vantage delivers a free API for real time financial da

Romel Torres 3.8k Jan 07, 2023
A proper portfolio tracker. Featuring historical allocation, cash flows and real returns.

Python Portfolio Analytics A portfolio tracker featuring account transactions, historical allocation, dividends and splits management and endless perf

Simone Precicchiani 13 Aug 13, 2022
stock data on eink with raspberry

small python skript to display tradegate data on a waveshare e-ink important you need locale "de_AT.UTF-8 UTF-8" installed. do so in raspi-config's Lo

Simon Oberhammer 24 Feb 22, 2022
Python sync/async framework for Interactive Brokers API

Introduction The goal of the IB-insync library is to make working with the Trader Workstation API from Interactive Brokers as easy as possible. The ma

Ewald de Wit 2k Dec 30, 2022
Find big moving stocks before they move using machine learning and anomaly detection

Surpriver - Find High Moving Stocks before they Move Find high moving stocks before they move using anomaly detection and machine learning. Surpriver

Tradytics 1.5k Dec 31, 2022
Q-Fin: A Python library for mathematical finance.

Q-Fin A Python library for mathematical finance. Installation https://pypi.org/project/QFin/ pip install qfin Bond Pricing Option Pricing Black-Schol

Roman Paolucci 247 Jan 01, 2023
Software for quick purchase of mystery boxes on Binance.

english | русский язык Software for quick purchase of mystery boxes on Binance. Purpose Installation & setup Motivation Specification Disclaimer Purpo

Ellis 5 Mar 08, 2022
personal finance tracker, written in python 3 and using the wxPython GUI toolkit.

personal finance tracker, written in python 3 and using the wxPython GUI toolkit.

wenbin wu 23 Oct 30, 2022
Zipline, a Pythonic Algorithmic Trading Library

Zipline is a Pythonic algorithmic trading library. It is an event-driven system for backtesting. Zipline is currently used in production as the backte

Quantopian, Inc. 15.7k Jan 02, 2023
Github.com/CryptoSignal - #1 Quant Trading & Technical Analysis Bot - 2,100 + stars, 580 + forks

CryptoSignal - #1 Quant Trading & Technical Analysis Bot - 2,100 + stars, 580 + forks https://github.com/CryptoSignal/Crypto-Signal Development state:

Github.com/Signal - 2,100 + stars, 580 + forks 4.2k Jan 01, 2023
An open source reinforcement learning framework for training, evaluating, and deploying robust trading agents.

TensorTrade: Trade Efficiently with Reinforcement Learning TensorTrade is still in Beta, meaning it should be used very cautiously if used in producti

4k Dec 30, 2022
Common financial risk and performance metrics. Used by zipline and pyfolio.

empyrical Common financial risk metrics. Table of Contents Installation Usage Support Contributing Testing Installation pip install empyrical Usage S

Quantopian, Inc. 1k Dec 26, 2022
Python Algorithmic Trading Library

PyAlgoTrade PyAlgoTrade is an event driven algorithmic trading Python library. Although the initial focus was on backtesting, paper trading is now pos

Gabriel Becedillas 3.9k Jan 01, 2023
ffn - a financial function library for Python

ffn - Financial Functions for Python Alpha release - please let me know if you find any bugs! If you are looking for a full backtesting framework, ple

Philippe Morissette 1.4k Jan 01, 2023
High-performance TensorFlow library for quantitative finance.

TF Quant Finance: TensorFlow based Quant Finance Library Table of contents Introduction Installation TensorFlow training Development roadmap Examples

Google 3.5k Jan 01, 2023
Python library for backtesting trading strategies & analyzing financial markets (formerly pythalesians)

finmarketpy (formerly pythalesians) finmarketpy is a Python based library that enables you to analyze market data and also to backtest trading strateg

Cuemacro 3k Dec 30, 2022
Supply a wrapper ``StockDataFrame`` based on the ``pandas.DataFrame`` with inline stock statistics/indicators support.

Stock Statistics/Indicators Calculation Helper VERSION: 0.3.2 Introduction Supply a wrapper StockDataFrame based on the pandas.DataFrame with inline s

Cedric Zhuang 1.1k Dec 28, 2022
Beibo is a Python library that uses several AI prediction models to predict stocks returns over a defined period of time.

Beibo is a Python library that uses several AI prediction models to predict stocks returns over a defined period of time.

Santosh 54 Dec 10, 2022
scrilla: A Financial Optimization Application

A python application that wraps around AlphaVantage, Quandl and IEX APIs, calculates financial statistics and optimizes portfolio allocations.

Grant Moore 6 Dec 17, 2022