Hollowfind is a Volatility plugin to detect different types of process hollowing techniques used in the wild to bypass, confuse, deflect and divert the forensic analysis techniques. The plugin detects such attacks by finding discrepancy in the VAD and PEB, it also disassembles the address of entry point to detect any redirection attempts and als…
☆142Sep 29, 2022Updated 3 years ago
Alternatives and similar repositories for HollowFind
Users that are interested in HollowFind are comparing it to the libraries listed below
Sorting:
- Psinfo is a Volatility plugin which collects the process related information from the VAD (Virtual Address Descriptor) and PEB (Process E…☆39Sep 24, 2016Updated 9 years ago
- RunPE dump - I wrote this to have better control over the analysis of malwares. I can stop and analysis malware when it uses some of the …☆10Jul 1, 2015Updated 10 years ago
- The internal Windows structures hack to create the in-process private ETW session☆14Feb 22, 2017Updated 9 years ago
- The project is a demo solution for one of the anti-rootkit techniques aimed on overcoming splicers☆34Mar 13, 2017Updated 9 years ago
- A memory engine that scans, debugs and disassembles an applications memory space.☆14Oct 29, 2017Updated 8 years ago
- ☆11Mar 11, 2015Updated 11 years ago
- an efficient yet easy to use network packet builder and parser☆11Jul 3, 2017Updated 8 years ago
- ☆10Sep 29, 2019Updated 6 years ago
- Monitor adapter, Fake DNS, Tunnel, and DHCP combined into one Windows Service☆12Apr 19, 2015Updated 10 years ago
- PE/PE +(64bit) Viewer (Qt 5.8)☆10Aug 3, 2018Updated 7 years ago
- Minifilter Driver☆15Feb 10, 2017Updated 9 years ago
- Obtain remote process cookies by performing a brute-force attack on ntdll.RtlDecodePointer using known pointer encodings.☆23May 31, 2017Updated 8 years ago
- ☆17Mar 3, 2016Updated 10 years ago
- A c++, QT gui based memory engine☆13Mar 6, 2018Updated 8 years ago
- EVTXtract recovers and reconstructs fragments of EVTX log files from raw binary data, including unallocated space and memory images.☆209Mar 12, 2025Updated last year
- ☆15Dec 26, 2017Updated 8 years ago
- Notes my learning steps about Windows-NT☆23May 18, 2017Updated 8 years ago
- A drop-in replacement for the C++ STL for kernel mode Windows drivers. The goal is to have implementations for things like the standard a…☆33Jul 12, 2016Updated 9 years ago
- CVE-2017-4878 Samples - http://blog.talosintelligence.com/2018/02/group-123-goes-wild.html☆18Feb 5, 2018Updated 8 years ago
- Plugins I've written for Volatility☆216Dec 1, 2023Updated 2 years ago
- Today Plugin (x64) - A Plugin For x64dbg☆13Jul 17, 2018Updated 7 years ago
- UEFI SLIC injector alternate method☆20Oct 9, 2016Updated 9 years ago
- PoC for detecting and dumping process hollowing code injection☆53Oct 23, 2018Updated 7 years ago
- A system call tracer☆10Sep 22, 2014Updated 11 years ago
- profiling tool for analysising the games, get all the characteristic by hook d3d☆18Oct 10, 2014Updated 11 years ago
- threadmap plugin for Volatility Foundation☆27Aug 23, 2021Updated 4 years ago
- ☆11Sep 14, 2014Updated 11 years ago
- ☆30May 23, 2017Updated 8 years ago
- ☆28Feb 13, 2017Updated 9 years ago
- API Tracker by Cysinfo Team☆22Oct 12, 2016Updated 9 years ago
- ARMv7 detour function for hooking junk (no thumb support, unaligned accesses are not atomic)☆16Feb 5, 2017Updated 9 years ago
- ☆14Sep 11, 2017Updated 8 years ago
- Kernel Context [template c++] Library - K C L. Your stl for work in linux/windows kernel !!!☆11Jul 24, 2018Updated 7 years ago
- ☆14Jun 27, 2017Updated 8 years ago
- Artifact analysis tools by JPCERT/CC Analysis Center☆462Aug 14, 2025Updated 7 months ago
- Trying for all arch detour stuff now☆11Feb 10, 2017Updated 9 years ago
- PoC for detecting and dumping code injection (built and extended on UnRunPE)☆58Oct 23, 2018Updated 7 years ago
- The Network project is a C++ encapsulation of WinSock2 to form a lightweight network library; The Graphics project is a C++ encapsulation…☆13Oct 31, 2017Updated 8 years ago
- 进程保护、进程过滤的小工程、主要亮点是在内核中对操作系统中的用户进行管理☆16Nov 5, 2014Updated 11 years ago