首页
社区
课程
招聘
[转帖]PE-sieve
发表于: 2020-1-13 10:28 5702

[转帖]PE-sieve

2020-1-13 10:28
5702
PE-sieve

PE-sieveis a tool that helps to detect malware running on the system, as well as to collect the potentially malicious material for further analysis. Recognizes and dumps variety of implants within the scanned process: replaced/injected PEs, shellcodes, hooks, and other in-memory patches.
Detects inline hooks, Process Hollowing, Process Doppelgänging, Reflective DLL Injection, etc.

PE-sieve is meant to be alight-weight enginededicated to scana single processat the time. It can be built as an EXE or as a DLL. The DLL version exposes a simple API and can be easily integrated with other applications.

If instead of scanning a particular process you want to scan yourfull systemwith PE-sieve, you can useHollowsHunter. It contains PE-sieve (a DLL version), but offers also some additional features and filters on the top of this base.

Uses library:https://github.com/hasherezade/libpeconv.git

_ https://github.com/hasherezade/pe-sieve



[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入!

收藏
免费 2
支持
分享
最新回复 (3)
雪    币: 222
活跃值: (185)
能力值: ( LV2,RANK:15 )
在线值:
发帖
回帖
粉丝
2
命令行太难玩了 
2020-3-11 02:54
0
雪    币: 83
活跃值: (1087)
能力值: ( LV8,RANK:130 )
在线值:
发帖
回帖
粉丝
3
已阅
2020-3-11 06:36
0
雪    币: 97697
活跃值: (200834)
能力值: (RANK:10 )
在线值:
发帖
回帖
粉丝
4

[VERSION] 0.2.7.1. Updated pe-sieve

_https://github.com/hasherezade/pe-sieve/wiki

hollows_hunter

_https://github.com/hasherezade/hollows_hunter

Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).

2020-6-18 18:43
0
游客
登录 | 注册 方可回帖
返回
//