The Volatility Framework
contrib.plugins.malware.psempire.PSEmpire Class Reference

A plugin detecting the presence of PowerShell Empire.

Public Member Functions

def get_vad_base (self, task, address)
 Get the VAD starting address.
 
def calculate (self)
 
def render_text (self, outfd, data)
 

Detailed Description

A plugin detecting the presence of PowerShell Empire.

Ideally run against a PID of powershell.exe.


The documentation for this class was generated from the following file: