monnappa22 / HollowFind
Hollowfind is a Volatility plugin to detect different types of process hollowing techniques used in the wild to bypass, confuse, deflect and divert the forensic analysis techniques. The plugin detects such attacks by finding discrepancy in the VAD and PEB, it also disassembles the address of entry point to detect any redirection attempts and als…
☆137Updated 2 years ago
Alternatives and similar repositories for HollowFind:
Users that are interested in HollowFind are comparing it to the libraries listed below
- Smart DLL execution for malware analysis in sandbox systems☆143Updated 10 years ago
- Cuckoo running in a nested hypervisor☆128Updated 4 years ago
- Generating YARA rules based on binary code☆208Updated 3 years ago
- c2 traffic☆188Updated 2 years ago
- Lazy Office Analyzer☆122Updated 8 years ago
- ☆134Updated 6 years ago
- Parse Windows Prefetch files: Supports XP - Windows 10 Prefetch files☆117Updated 10 months ago
- Transfer EIP control to shellcode during malware analysis investigation☆75Updated 10 years ago
- An advanced memory forensics framework☆95Updated 5 years ago
- ☆98Updated 4 years ago
- Pure Python parser for Application Compatibility Shim Databases (.sdb files)☆109Updated 4 years ago
- Various Yara signatures (possibly to be included in a release later).☆85Updated 5 years ago
- Various scripts for different malware families☆106Updated 4 years ago
- BinSequencer is a script designed to find a common pattern of bytes within a set of samples and generate a YARA rule from the identified…☆76Updated 3 years ago
- ☆82Updated 8 years ago
- Random hunting ordiented yara rules☆95Updated 2 years ago
- ☆82Updated 5 years ago
- YARA rules for use with ProcFilter☆86Updated 7 years ago
- A tool for de-obfuscating PowerShell scripts☆68Updated 6 years ago
- A Yara rule generator for finding related samples and hunting☆158Updated 2 years ago
- Allows you to quickly query a Windows machine for RAM artifacts☆221Updated 4 years ago
- Telsy CTI Research Team☆57Updated 4 years ago
- A VBA parser and emulation engine to analyze malicious macros.☆96Updated last week
- EVTXtract recovers and reconstructs fragments of EVTX log files from raw binary data, including unallocated space and memory images.☆192Updated last month
- Static based decoders for malware samples☆93Updated 4 years ago
- ☆125Updated 2 months ago
- Automatic YARA rule generation for Malpedia☆159Updated 2 years ago
- A taxonomy and dictionary of malware behaviors.☆42Updated 5 years ago
- PE Import Hash Generator☆78Updated 7 years ago
- Page File analysis tools.☆127Updated 9 years ago