monnappa22 / HollowFind
Hollowfind is a Volatility plugin to detect different types of process hollowing techniques used in the wild to bypass, confuse, deflect and divert the forensic analysis techniques. The plugin detects such attacks by finding discrepancy in the VAD and PEB, it also disassembles the address of entry point to detect any redirection attempts and als…
☆131Updated 2 years ago
Related projects ⓘ
Alternatives and complementary repositories for HollowFind
- Lazy Office Analyzer☆119Updated 7 years ago
- Generating YARA rules based on binary code☆203Updated 3 years ago
- Parse Windows Prefetch files: Supports XP - Windows 10 Prefetch files☆115Updated 5 months ago
- Smart DLL execution for malware analysis in sandbox systems☆141Updated 9 years ago
- Pure Python parser for Application Compatibility Shim Databases (.sdb files)☆106Updated 3 years ago
- ☆134Updated 5 years ago
- An advanced memory forensics framework☆92Updated 5 years ago
- ☆82Updated 8 years ago
- Pafish Macro is a Macro enabled Office Document to detect malware analysis systems and sandboxes. It uses evasion & detection techniques …☆278Updated 7 years ago
- c2 traffic☆188Updated last year
- A tool for de-obfuscating PowerShell scripts☆66Updated 5 years ago
- Cuckoo running in a nested hypervisor☆128Updated 4 years ago
- YARA rules for use with ProcFilter☆84Updated 7 years ago
- ☆96Updated 4 years ago
- Static based decoders for malware samples☆93Updated 4 years ago
- Various Yara signatures (possibly to be included in a release later).☆85Updated 5 years ago
- Allows you to quickly query a Windows machine for RAM artifacts☆218Updated 4 years ago
- ☆81Updated 4 years ago
- Transfer EIP control to shellcode during malware analysis investigation☆73Updated 10 years ago
- ☆294Updated 4 years ago
- Various scripts for different malware families☆105Updated 3 years ago
- PE Import Hash Generator☆74Updated 7 years ago
- Autoruns plugin for the Volatility framework☆118Updated 5 years ago
- Random hunting ordiented yara rules☆95Updated last year
- EVTXtract recovers and reconstructs fragments of EVTX log files from raw binary data, including unallocated space and memory images.☆189Updated 4 years ago
- BinSequencer is a script designed to find a common pattern of bytes within a set of samples and generate a YARA rule from the identified…☆74Updated 2 years ago
- Psinfo is a Volatility plugin which collects the process related information from the VAD (Virtual Address Descriptor) and PEB (Process E…☆36Updated 8 years ago
- A VBA parser and emulation engine to analyze malicious macros.☆92Updated 2 weeks ago
- A modern Python-3-based alternative to RegRipper☆187Updated 2 weeks ago