I hereby claim:
- I am bridgeythegeek on github.
- I am bridgeythegeek (https://keybase.io/bridgeythegeek) on keybase.
- I have a public key ASAJ-OxLCfEIkwITQS5xLoD9lgpgRO_7k07y97yMGDYCSQo
To claim this, I am signing this object:
Bridgey the Geek bridgeythegeek
bridgeythegeek
/ keybase.md
Created
July 5, 2022 15:35
bridgeythegeek
/ template_files.py
Last active
March 22, 2020 15:05
python template for working with files
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import argparse | |
| import glob | |
| import logging | |
| import os | |
| log = logging.getLogger(__name__) | |
| # Gather the arguments | |
| argp = argparse.ArgumentParser() | |
| argp.add_argument('-v', '--verbose', action='store_const', dest='loglevel', const=logging.INFO, default=logging.WARNING) |
bridgeythegeek
/ MyFirstVolatilityPluginWithUnifiedOutput.md
Last active
April 24, 2020 13:52
My First Volatility Plugin with Unified Output
Although there are many excellent resources for learning Volatility available (The Art of Memory Forensics book, the vol-users mailing list, the Volatility Labs blog, and the Memory Analysis training course to name a few), I've never really seen a good absolute beginners guide to writing your first plugin. So if you find yourself needing that, hopefully this will help.
Also, it's worth checking out @jameshabben's post on the topic.
bridgeythegeek
/ MyFirstVolatilityPlugin.md
Last active
March 1, 2021 16:48
My First Volatility Plugin
There is an updated version of this mini-tutorial which includes the much-encouraged unified_output.
Although there are many excellent resources for learning Volatility available (The Art of Memory Forensics book, the vol-users mailing list, the Volatility Labs blog, and the Memory Analysis training course to name a few), I've never really seen a good absolute beginners guide to writing your first plugin. So if you find yourself needing that, hopefully this will help.
bridgeythegeek
/ mml.py
Created
May 9, 2016 16:07
Lookup dump file offsets from Volatility's memmap/memdump plugins.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import argparse | |
| import cmd | |
| import os | |
| import sys | |
| class MML(cmd.Cmd): | |
| """Handy lookup for Volatility's memmap output""" | |
| def __init__(self, map_file): | |
| cmd.Cmd.__init__(self) |
Being someone who tries to play a lot with Windows memory, I really wanted to play with PANDA, but I was slightly scared because I'd never touched qemu before - all my experience had been with VirtualBox and VMware.
My goal was to install PANDA into a (relatively) clean install of Debian 8 'Jessie', capture a recording and successfully run a PANDA plugin.