Procscan - a quick and dirty python script used to look for potentially dangerous api call patterns in a Procmon PML file

Jan 15, 2022 1 min read

PROCSCAN

Procscan is a quick and dirty python script used to look for potentially dangerous api call patterns in a Procmon PML file.

Installation

git clone https://github.com/bananabr/procscan.git
cd procscan
python3 -m pip install -r requirements.txt

Usage

usage: procscan.py [-h] [--log LOG] [--verbose] --pml PML --ac AC

optional arguments:
  -h, --help     show this help message and exit
  --log LOG      log file path
  --verbose, -v  increase verbosity
  --pml PML      procscan PML file
  --ac AC        accesschk output file

Todo

(Registry symbolic link patterns)
(Filesystem symbolic link patterns)
(DLL hijack)
(Writable DLL loaded by privileged process)
(Writable PE loaded by privileged process)

GitHub

View Github

John was the first writer to have joined pythonawesome.com. He has since then inculcated very effective writing and reviewing culture at pythonawesome which rivals have found impossible to imitate.

Procscan - a quick and dirty python script used to look for potentially dangerous api call patterns in a Procmon PML file

PROCSCAN

Installation

Usage

Todo

GitHub

John

Little python script + dictionary to help solve Wordle puzzles

Includes Automation and Personal Projects

PROCSCAN

Installation

Usage

Todo

GitHub

Little python script + dictionary to help solve Wordle puzzles

Includes Automation and Personal Projects

You might also like...