HollowFind
Process analyzer
A Volatility plugin to detect hollowing techniques used in process analysis
Hollowfind is a Volatility plugin to detect different types of process hollowing techniques used in the wild to bypass, confuse, deflect and divert the forensic analysis techniques. The plugin detects such attacks by finding discrepancy in the VAD and PEB, it also disassembles the address of entry point to detect any redirection attempts and also reports any suspicious memory regions which should help in detecting any injected code.
131 stars
12 watching
31 forks
Language: Python
last commit: about 2 years ago Related projects:
Repository | Description | Stars |
---|---|---|
hasherezade/hollows_hunter | Analyzes running processes to detect and dump malicious code | 2,039 |
mkorman90/volatilitybot | Automates memory analysis of malware samples and memory dumps by extracting binaries, injections, strings, and analyzing code using heuristics and YARA/Clam AV scanners. | 264 |
monnappa22/limon | Automated analysis tool for detecting and understanding Linux malware behavior | 389 |
kd8bny/limeaide | Automates the process of remotely dumping RAM and creating volatility profiles on Linux clients. | 161 |
forrest-orr/moneta | A tool for analyzing memory on Windows systems to detect malware IOCs | 691 |
chopicalqui/turbodataminer | A tool for analyzing and modifying HTTP requests in Burp Suite using Python scripts | 54 |
0xvavaldi/ruleprocessory | Tool to process and transform wordlists by applying complex rules for password cracking | 30 |
fx5/not_random | Reconstructs the internal state of a Mersenne Twister algorithm from partial output data | 71 |
0xvavaldi/gramify | Analyzes text data to extract patterns of words or characters for password cracking and analysis purposes. | 28 |
forensicxlab/volatility3_plugins | A collection of plugins for analyzing digital forensic data from various sources | 22 |
gleeda/memtriage | Analyze Windows machine RAM artifacts using Winpmem and Volatility | 218 |
brompwnie/botb | A tool designed to analyze and exploit vulnerabilities in containers for pentesters and engineers | 648 |
voxpupuli/puppet-ghostbuster | A tool to identify unused code in Puppet manifests and databases. | 93 |
carlospolop/autovolatility | A tool for running multiple volatility plugins simultaneously to analyze and extract data from memory dumps. | 108 |
bashtage/arch | Provides tools and models for analyzing financial time series and detecting patterns in volatility. | 1,340 |