diff --git a/detecting_ph_process.md b/detecting_ph_process.md index 0af7ea0..fbdf647 100644 --- a/detecting_ph_process.md +++ b/detecting_ph_process.md @@ -1,5 +1,10 @@ # Identification of Hollowed out processes - [Process Hollowing](https://github.com/mether049/malware/blob/master/malware-tech_ref_and_memo.md#injectionhollowing)されたプロセスの識別方法を示す + - [Case1: Hollows Hunter](https://github.com/mether049/malware/blob/master/detecting_ph_process.md#case1-hollows-hunter) + - [Case2: Loki](https://github.com/mether049/malware/blob/master/detecting_ph_process.md#case2-loki) + - [Case3: EQL(Event Query Language)](https://github.com/mether049/malware/blob/master/detecting_ph_process.md#case3-eqlevent-query-language) + - [Extracting IoC from Process Memory with strings2](https://github.com/mether049/malware/blob/master/detecting_ph_process.md#extracting-ioc-from-process-memory-with-strings2) + - [Case4: Volatility](https://github.com/mether049/malware/blob/master/detecting_ph_process.md#case4-volatility) ## Sample/Environment - Sample
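Review bot: the `-` line removes the page's only introductory sentence (the link to the Process Hollowing reference followed by the Japanese text stating that the page shows how to identify hollowed-out processes) without carrying it over, so after this hunk the document opens directly with a list of cases and no statement of scope or pointer to the hollowing write-up; keep that line above the new table of contents instead of dropping it. The five `+` entries also link same-file anchors through absolute `https://github.com/mether049/malware/blob/master/detecting_ph_process.md#...` URLs; relative fragments such as `- [Case1: Hollows Hunter](#case1-hollows-hunter)` resolve correctly on forks, other branches and local renders, whereas the absolute form always jumps to the master copy.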