Hollowfind is a Volatility plugin to detect the different types of process hollowing techniques used in the wild to bypass, confuse, deflect and divert forensic analysis techniques. The plugin detects such attacks by finding discrepancies between the VAD and the PEB; it also disassembles the address of entry point to detect any redirection attempts and als…
☆142, Sep 29, 2022, updated 3 years ago
Alternatives and similar repositories for HollowFind
Users who are interested in HollowFind are comparing it to the repositories listed below.
- Psinfo is a Volatility plugin which collects the process related information from the VAD (Virtual Address Descriptor) and PEB (Process E… (☆39, Sep 24, 2016, updated 9 years ago)
- RunPE dump - I wrote this to have better control over the analysis of malware. I can stop and analyse malware when it uses some of the … (☆10, Jul 1, 2015, updated 10 years ago)
- The internal Windows structures hack to create the in-process private ETW session (☆14, Feb 22, 2017, updated 9 years ago)
- A memory engine that scans, debugs and disassembles an application's memory space. (☆14, Oct 29, 2017, updated 8 years ago)
- (no description) (☆11, Mar 11, 2015, updated 10 years ago)
- Monitor adapter, Fake DNS, Tunnel, and DHCP combined into one Windows Service (☆12, Apr 19, 2015, updated 10 years ago)
- An efficient yet easy to use network packet builder and parser (☆11, Jul 3, 2017, updated 8 years ago)
- PE/PE+ (64-bit) Viewer (Qt 5.8) (☆10, Aug 3, 2018, updated 7 years ago)
- (no description) (☆10, Sep 29, 2019, updated 6 years ago)
- The project is a demo solution for one of the anti-rootkit techniques aimed at overcoming splicers (☆34, Mar 13, 2017, updated 8 years ago)
- A drop-in replacement for the C++ STL for kernel mode Windows drivers. The goal is to have implementations for things like the standard a… (☆33, Jul 12, 2016, updated 9 years ago)
- Minifilter Driver (☆15, Feb 10, 2017, updated 9 years ago)
- UEFI SLIC injector alternate method (☆20, Oct 9, 2016, updated 9 years ago)
- (no description) (☆15, Dec 26, 2017, updated 8 years ago)
- ARMv7 detour function for hooking junk (no Thumb support, unaligned accesses are not atomic) (☆16, Feb 5, 2017, updated 9 years ago)
- (no description) (☆14, Sep 11, 2017, updated 8 years ago)
- Notes on my learning steps about Windows NT (☆23, May 18, 2017, updated 8 years ago)
- Obtain remote process cookies by performing a brute-force attack on ntdll.RtlDecodePointer using known pointer encodings. (☆22, May 31, 2017, updated 8 years ago)
- (no description) (☆14, Jun 27, 2017, updated 8 years ago)
- (no description) (☆17, Mar 3, 2016, updated 10 years ago)
- Profiling tool for analysing games; gets all the characteristics by hooking D3D (☆18, Oct 10, 2014, updated 11 years ago)
- Windows device tree walker (☆15, Sep 19, 2018, updated 7 years ago)
- Trying for all-arch detour stuff now (☆11, Feb 10, 2017, updated 9 years ago)
- Today Plugin (x64) - A Plugin For x64dbg (☆13, Jul 17, 2018, updated 7 years ago)
- My solutions for random crackmes and other challenges (☆12, Dec 23, 2019, updated 6 years ago)
- A system call tracer (☆10, Sep 22, 2014, updated 11 years ago)
- A small project for process protection and process filtering; its main highlight is managing the operating system's users from within the kernel (☆16, Nov 5, 2014, updated 11 years ago)
- EVTXtract recovers and reconstructs fragments of EVTX log files from raw binary data, including unallocated space and memory images. (☆208, Mar 12, 2025, updated 11 months ago)
- Kernel Context [template C++] Library - KCL. Your STL for work in the Linux/Windows kernel (☆11, Jul 24, 2018, updated 7 years ago)
- Fork from http://hashlib.codeplex.com (☆12, Oct 27, 2025, updated 4 months ago)
- CVE-2017-4878 Samples - http://blog.talosintelligence.com/2018/02/group-123-goes-wild.html (☆18, Feb 5, 2018, updated 8 years ago)
- lwIP is a small independent implementation of the TCP/IP protocol suite that was initially developed by Adam Dunkels and is now cont… (☆12, Apr 27, 2017, updated 8 years ago)
- A C++ cross-platform log library. (☆13, Jun 4, 2022, updated 3 years ago)
- TLB splitting module for the Bareflank Hypervisor. (☆12, Sep 23, 2018, updated 7 years ago)
- (no description) (☆14, Feb 23, 2018, updated 8 years ago)
- VM escape exploit tool: VMware Escape Exploit before VMware WorkStation 12.5.5 (☆10, Sep 10, 2017, updated 8 years ago)
- Open-Source Anti-RMT-Spam Firewall (☆12, Mar 28, 2016, updated 9 years ago)
- This is a pintool that can analyze a target dynamically and output code blocks and "key frames". (☆14, Mar 26, 2015, updated 10 years ago)
- (no description) (☆11, Sep 14, 2014, updated 11 years ago)