mirror of https://github.com/nganhkhoa/malware.git synced 2024-06-10 21:32:07 +07:00

Update detecting_ph_process.md

This commit is contained in:
mether049 2020-03-01 03:58:18 +09:00 committed by GitHub
parent 5d25a14030
commit 4ea86a6da0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -1,5 +1,10 @@
# Identification of Hollowed out processes
- [Process Hollowing](https://github.com/mether049/malware/blob/master/malware-tech_ref_and_memo.md#injectionhollowing)されたプロセスの識別方法を示す
- [Case1: Hollows Hunter](https://github.com/mether049/malware/blob/master/detecting_ph_process.md#case1-hollows-hunter)
- [Case2: Loki](https://github.com/mether049/malware/blob/master/detecting_ph_process.md#case2-loki)
- [Case3: EQL(Event Query Language)](https://github.com/mether049/malware/blob/master/detecting_ph_process.md#case3-eqlevent-query-language)
- [Extracting IoC from Process Memory with strings2](https://github.com/mether049/malware/blob/master/detecting_ph_process.md#extracting-ioc-from-process-memory-with-strings2)
- [Case4: Volatility](https://github.com/mether049/malware/blob/master/detecting_ph_process.md#case4-volatility)
## Sample/Environment
- Sample
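Review bot: the five new table-of-contents entries (the `Case1` through `Case4` lines and the `Extracting IoC ... strings2` line) link with absolute URLs into `mether049/malware` on `master`, so in any fork or mirror of this repository (this page itself is a mirror) they keep pointing at the upstream copy rather than the file being edited, and they silently break if the file is renamed or the branch changes; relative fragment links such as `[Case1: Hollows Hunter](#case1-hollows-hunter)` resolve on every host that renders the document and stay correct in forks. The same applies to the `Process Hollowing` link on the first list line, which could be `malware-tech_ref_and_memo.md#injectionhollowing`.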