首页
社区
课程
招聘
问答 CTF 排行榜 知识库 工具下载 看雪峰会 看雪商城 证书查询
  1. 看雪社区
  2. 资源下载
    3. 发新帖
[转帖]PE-sieve
2020-1-13 10:28 5411

[转帖]PE-sieve

linhanshi 活跃值
2020-1-13 10:28
5411
PE-sieve

PE-sieveis a tool that helps to detect malware running on the system, as well as to collect the potentially malicious material for further analysis. Recognizes and dumps variety of implants within the scanned process: replaced/injected PEs, shellcodes, hooks, and other in-memory patches.
Detects inline hooks, Process Hollowing, Process Doppelgänging, Reflective DLL Injection, etc.

PE-sieve is meant to be alight-weight enginededicated to scana single processat the time. It can be built as an EXE or as a DLL. The DLL version exposes a simple API and can be easily integrated with other applications.

If instead of scanning a particular process you want to scan yourfull systemwith PE-sieve, you can useHollowsHunter. It contains PE-sieve (a DLL version), but offers also some additional features and filters on the top of this base.

Uses library:https://github.com/hasherezade/libpeconv.git

_ https://github.com/hasherezade/pe-sieve



[培训]《安卓高级研修班(网课)》月薪三万计划,掌握调试、分析还原ollvm、vmp的方法,定制art虚拟机自动化脱壳的方法

收藏
点赞2
打赏
分享
最新回复 (3)
云才哥
雪    币: 222
活跃值: (140)
能力值: ( LV2,RANK:15 )
在线值:
发帖
回帖
粉丝
私信
云才哥 2020-3-11 02:54
2
0
命令行太难玩了 
killpy
雪    币: 83
活跃值: (1037)
能力值: ( LV8,RANK:130 )
在线值:
发帖
回帖
粉丝
私信
killpy 2 2020-3-11 06:36
3
0
已阅
linhanshi
雪    币: 83395
活跃值: (198475)
能力值: (RANK:10 )
在线值:
发帖
回帖
粉丝
私信
linhanshi 2020-6-18 18:43
4
0

[VERSION] 0.2.7.1. Updated pe-sieve

_https://github.com/hasherezade/pe-sieve/wiki

hollows_hunter

_https://github.com/hasherezade/hollows_hunter

Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
游客
登录 | 注册 方可回帖
 回帖  表情 雪币赚取及消费
高级回复
返回