monnappa22 / HollowFindLinks
Hollowfind is a Volatility plugin to detect different types of process hollowing techniques used in the wild to bypass, confuse, deflect and divert the forensic analysis techniques. The plugin detects such attacks by finding discrepancy in the VAD and PEB, it also disassembles the address of entry point to detect any redirection attempts and als…
☆142Updated 3 years ago
Alternatives and similar repositories for HollowFind
Users that are interested in HollowFind are comparing it to the libraries listed below
Sorting:
- Pure Python parser for Application Compatibility Shim Databases (.sdb files)☆109Updated 4 years ago
- ☆84Updated 5 years ago
- Lazy Office Analyzer☆122Updated 8 years ago
- YARA rules for use with ProcFilter☆88Updated 8 years ago
- Smart DLL execution for malware analysis in sandbox systems☆144Updated 10 years ago
- Various Yara signatures (possibly to be included in a release later).☆87Updated 6 years ago
- Parse Windows Prefetch files: Supports XP - Windows 10 Prefetch files☆121Updated last year
- Live hunting of code injection techniques☆383Updated 6 years ago
- An advanced memory forensics framework☆96Updated 6 years ago
- BinSequencer is a script designed to find a common pattern of bytes within a set of samples and generate a YARA rule from the identified…☆78Updated 3 years ago
- Transfer EIP control to shellcode during malware analysis investigation☆77Updated 11 years ago
- c2 traffic☆191Updated 2 years ago
- Automatic YARA rule generation for Malpedia☆164Updated 3 years ago
- ☆135Updated 6 years ago
- A tool for de-obfuscating PowerShell scripts☆71Updated 6 years ago
- Cuckoo running in a nested hypervisor☆128Updated 5 years ago
- A taxonomy and dictionary of malware behaviors.☆43Updated 6 years ago
- Generating YARA rules based on binary code☆216Updated 4 years ago
- A tool for detecting VBA stomping.☆100Updated 3 years ago
- Various scripts for different malware families☆106Updated 4 years ago
- PE Import Hash Generator☆79Updated 8 years ago
- Pafish Macro is a Macro enabled Office Document to detect malware analysis systems and sandboxes. It uses evasion & detection techniques …☆291Updated 8 years ago
- ☆97Updated 5 years ago
- Process Spawn Control is a Powershell tool which aims to help in the behavioral (process) analysis of malware. PsC suspends newly launche…☆264Updated 3 years ago
- FileInsight-plugins: decoding toolbox of McAfee FileInsight hex editor for malware analysis☆162Updated 10 months ago
- A VBA parser and emulation engine to analyze malicious macros.☆96Updated last week
- MAEC Schemas and Schema Development☆88Updated 5 years ago
- Psinfo is a Volatility plugin which collects the process related information from the VAD (Virtual Address Descriptor) and PEB (Process E…☆38Updated 9 years ago
- Static based decoders for malware samples☆94Updated 5 years ago
- Automatically rebuild Import Address Table for dumped PE file. With python bindings!☆121Updated 6 years ago