Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/monnappa22/HollowFind
Hollowfind is a Volatility plugin to detect different types of process hollowing techniques used in the wild to bypass, confuse, deflect and divert the forensic analysis techniques. The plugin detects such attacks by finding discrepancy in the VAD and PEB, it also disassembles the address of entry point to detect any redirection attempts and also reports any suspicious memory regions which should help in detecting any injected code.
https://github.com/monnappa22/HollowFind
Last synced: 11 days ago
JSON representation
Hollowfind is a Volatility plugin to detect different types of process hollowing techniques used in the wild to bypass, confuse, deflect and divert the forensic analysis techniques. The plugin detects such attacks by finding discrepancy in the VAD and PEB, it also disassembles the address of entry point to detect any redirection attempts and also reports any suspicious memory regions which should help in detecting any injected code.
- Host: GitHub
- URL: https://github.com/monnappa22/HollowFind
- Owner: monnappa22
- Created: 2016-09-24T13:47:26.000Z (about 8 years ago)
- Default Branch: master
- Last Pushed: 2022-09-29T20:03:37.000Z (about 2 years ago)
- Last Synced: 2024-08-02T03:07:29.994Z (3 months ago)
- Language: Python
- Size: 3.91 KB
- Stars: 127
- Watchers: 12
- Forks: 31
- Open Issues: 6
Awesome Lists containing this project
- awesome-volatility - HollowFind - Plugin to detect different types of process hollowing techniques used in the wild to bypass, confuse, deflect and divert the forensic analysis techniques (Volatility 2 / Plugins)