DuckMemoryScan

Memory scanner

A tool to detect memory-based evasion techniques used in malware and rootkits

检测绝大部分所谓的内存免杀马

GitHub

711 stars
17 watching
137 forks
Language: C++
last commit: over 2 years ago

Related projects:

Repository Description Stars
huoji120/cobaltstrikedetected Detects potential Cobalt Strike malware by analyzing memory allocation patterns during code execution 272
rek7/mxtract Analyzes and dumps memory to extract sensitive information from running processes 582
usualsuspect/malscan A tool to detect and analyze malicious code in process memory by executing Python scripts on YARA matches 12
trainr3kt/memreader_bof A tool that searches and extracts specific strings from another process's memory 41
mirage/conan Re-implementation of a file recognition engine with support for multiple MIME types and decision trees. 48
zer0mem0ry/kernelreadwritememory A proof-of-concept project demonstrating kernel-level memory manipulation on Windows NT 274
marcosd4h/memhunter Automated endpoint sensor tool to detect memory-resident malware without requiring memory dumps 378
codecat/clawsearch A plugin that scans memory in 64-bit debuggers to locate specific values, inspired by Cheat Engine. 275
jpcertcc/malconfscan Tools to extract configuration data from known malware samples in memory images. 483
ramortegui/clamxir A wrapper around ClamAV's scanning functionality for Elixir applications. 13
crowdstrike/supermem A tool for processing Windows memory images to extract relevant information 260
maoni0/mem-doc A resource for .NET memory analysis and diagnostics 1,841
mitrecnd/malchive A collection of reusable scripts and tools for analyzing malicious software 75
zu1k/beacon_hook_bypass_memscan Bypassing memory scanning to evade detection by the Karbenz CASB (Content Awareness Security Platform) security solution 24
nccgroup/windowsmempagedelta Software designed to monitor Windows executable memory page changes to detect anomalies in system behavior 28