Comae Toolkit
Have you used Comae in an engagement? Let us know your thoughts in the comments below.
Get-ComaeProcess -DumpPath C:\cases\memory.dmp | Where-Object { $_.Pid -eq 1337 } | Get-ComaeVad

You can chain commands without writing Python scripts. This lowers the barrier to entry for junior analysts while accelerating workflows for seniors.

While the CLI is fantastic for local triage, the real magic happens when you upload your dump to Comae Hub (Enterprise feature).
For example, finding injected code:
Traditional memory dumpers (like raw NT kernel drivers) often cause a system to blue-screen or freeze for 30-60 seconds. In a production environment—think an e-commerce server or an active Domain Controller—that freeze is unacceptable.
If you are an MSSP handling 50 alerts a day, or a corporate IR team that needs to answer "Is this machine compromised?" in under 5 minutes, Comae is your tool. It turns memory forensics from a "post-mortem autopsy" into a "live patient triage."