moneta
Memory analyzer
A tool for analyzing memory on Windows systems to detect malware IOCs
Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs
707 stars
14 watching
86 forks
Language: C++
last commit: 10 months ago
Topics: artifact, dump, hollowing, injection, ioc, malware, memory, moneta, pe, process, reflective, scanner, shellcode, usermode, windows
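To make the description concrete: the IOC categories listed in the topics (injection, hollowing, reflective loading, shellcode) are surfaced by walking a live process's address space and classifying each committed region by its type and protection. The following is an added example of that coarse first pass, written for this page; it is not Moneta's source and does not reproduce its exact rules. The Windows constants are copied by value so it compiles off-Windows, and the `Region` record, `classify()`, `scan()` and the sample address map are assumptions constructed for the illustration. On a real target the regions would come from `VirtualQueryEx` (`MEMORY_BASIC_INFORMATION`) and the loader-list check from the target's PEB.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// Windows values from <winnt.h>, copied by value so the example builds anywhere.
constexpr uint32_t PAGE_READONLY          = 0x02;
constexpr uint32_t PAGE_READWRITE         = 0x04;
constexpr uint32_t PAGE_EXECUTE           = 0x10;
constexpr uint32_t PAGE_EXECUTE_READ      = 0x20;
constexpr uint32_t PAGE_EXECUTE_READWRITE = 0x40;
constexpr uint32_t PAGE_EXECUTE_WRITECOPY = 0x80;
constexpr uint32_t MEM_COMMIT  = 0x1000;
constexpr uint32_t MEM_PRIVATE = 0x20000;
constexpr uint32_t MEM_MAPPED  = 0x40000;
constexpr uint32_t MEM_IMAGE   = 0x1000000;

// Hypothetical record: the MEMORY_BASIC_INFORMATION fields VirtualQueryEx returns,
// plus one fact a scanner gathers separately (is the base address present in the
// target's PEB loader module list?).
struct Region {
    uint64_t base;
    uint64_t size;
    uint32_t state;          // MEM_COMMIT / MEM_RESERVE / MEM_FREE
    uint32_t protect;        // current PAGE_* protection
    uint32_t type;           // MEM_PRIVATE / MEM_MAPPED / MEM_IMAGE
    bool     in_loader_list; // meaningful only for MEM_IMAGE regions
};

enum class Ioc { None, PrivateExecutable, ExecutableDataMapping, UnlinkedImage, RwxImageRegion };

struct Finding { uint64_t base; Ioc ioc; };

static bool is_executable(uint32_t protect) {
    return (protect & (PAGE_EXECUTE | PAGE_EXECUTE_READ |
                       PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY)) != 0;
}

// Generic heuristics behind "private +X memory", "executable data mapping",
// "unlinked module" and "RWX image pages" indicators. A real scanner refines
// them (e.g. diffing image pages against the file on disk to catch hollowing).
Ioc classify(const Region& r) {
    if (r.state != MEM_COMMIT) return Ioc::None;
    switch (r.type) {
    case MEM_PRIVATE:
        // VirtualAlloc/heap memory has no reason to be executable:
        // shellcode or a reflectively loaded PE.
        return is_executable(r.protect) ? Ioc::PrivateExecutable : Ioc::None;
    case MEM_MAPPED:
        // A data section (pagefile-backed or a non-PE file) carrying code.
        return is_executable(r.protect) ? Ioc::ExecutableDataMapping : Ioc::None;
    case MEM_IMAGE:
        // SEC_IMAGE mapping absent from the loader list: manually mapped or unlinked module.
        if (!r.in_loader_list) return Ioc::UnlinkedImage;
        // Image code is normally RX (or execute-writecopy); plain RWX means someone
        // called VirtualProtect on the module (hooks, in-place patching).
        if (r.protect == PAGE_EXECUTE_READWRITE) return Ioc::RwxImageRegion;
        return Ioc::None;
    }
    return Ioc::None;
}

std::vector<Finding> scan(const std::vector<Region>& regions) {
    std::vector<Finding> out;
    for (const Region& r : regions) {
        Ioc ioc = classify(r);
        if (ioc != Ioc::None) out.push_back({r.base, ioc});
    }
    return out;
}

const char* ioc_name(Ioc ioc) {
    switch (ioc) {
    case Ioc::PrivateExecutable:     return "private executable memory";
    case Ioc::ExecutableDataMapping: return "executable non-image mapping";
    case Ioc::UnlinkedImage:         return "image not in loader list";
    case Ioc::RwxImageRegion:        return "RWX pages inside an image";
    default:                         return "none";
    }
}

// Constructed sample address map for one process (not captured from a real target).
std::vector<Region> sample_regions() {
    return {
        {0x00400000, 0x1000,  MEM_COMMIT, PAGE_READONLY,          MEM_IMAGE,   true},  // PE headers
        {0x00401000, 0x20000, MEM_COMMIT, PAGE_EXECUTE_READ,      MEM_IMAGE,   true},  // .text
        {0x00600000, 0x10000, MEM_COMMIT, PAGE_READWRITE,         MEM_PRIVATE, false}, // ordinary heap
        {0x01a00000, 0x5000,  MEM_COMMIT, PAGE_EXECUTE_READWRITE, MEM_PRIVATE, false}, // shellcode / reflective PE
        {0x02300000, 0x8000,  MEM_COMMIT, PAGE_EXECUTE_READ,      MEM_MAPPED,  false}, // pagefile-backed +X section
        {0x10000000, 0x30000, MEM_COMMIT, PAGE_EXECUTE_READ,      MEM_IMAGE,   false}, // manually mapped DLL
        {0x7ffd0000, 0x1000,  MEM_COMMIT, PAGE_EXECUTE_READWRITE, MEM_IMAGE,   true},  // hooked system DLL page
    };
}

int main() {
    for (const Finding& f : scan(sample_regions()))
        std::printf("0x%08llx  %s\n", (unsigned long long)f.base, ioc_name(f.ioc));
    return 0;
}
```

The sample map yields four findings (the private RWX block, the executable pagefile-backed section, the unlinked image and the RWX page inside a listed module); the headers, `.text` and heap regions are correctly ignored. Treat every hit as a lead rather than a verdict: JIT engines and some packers legitimately produce private executable memory, which is why tools of this class also dump the flagged region for inspection.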
Related projects:
Repository | Description | Stars |
---|---|---|
gleeda/memtriage | Analyze Windows machine RAM artifacts using Winpmem and Volatility | 218 |
eset/malware-ioc | A repository of malware indicators and rules for threat hunting and analysis. | 1,698 |
usualsuspect/malscan | A tool to detect and analyze malicious code in process memory by executing Python scripts on YARA matches | 12 |
shanek2/invtero.net | Analyzes and validates physical memory from various systems to extract process information and hypervisor details | 281 |
crowdstrike/supermem | A tool for processing Windows memory images to extract relevant information | 260 |
mkorman90/volatilitybot | Automates memory analysis of malware samples and memory dumps by extracting binaries, injections and strings, and analyzing code with heuristics and YARA/ClamAV scanners. | 264 |
antique-team/memcad | Analyzes C code for its memory layout and dependencies | 25 |
rek7/mxtract | Analyzes and dumps memory to extract sensitive information from running processes | 582 |
cristianzsh/freki | A platform for analyzing malware and performing reverse engineering on binary files | 424 |
evild3ad/memprocfs-analyzer | Automated tool for forensic analysis of Windows memory dumps | 555 |
guelfoweb/peframe | Analyzes Portable Executable malware and malicious MS Office documents for various suspicious features | 612 |
hasherezade/hollows_hunter | Analyzes running processes to detect and dump malicious code | 2,047 |
huoji120/duckmemoryscan | A tool to detect memory-based evasion techniques used in malware and rootkits | 711 |
ytisf/muninn | A tool to assist in memory forensics analysis on Windows systems by automating the process of extracting and exporting relevant data from memory images. | 52 |
googleprojectzero/bochspwn-reloaded | An emulator-based tool to detect kernel memory disclosure vulnerabilities by tracking uninitialized memory in guest operating systems. | 297 |