mirror of
https://github.com/nganhkhoa/malware.git
synced 2024-06-10 21:32:07 +07:00
Update detecting_ph_process.md
parent
5d25a14030
commit
4ea86a6da0
@ -1,5 +1,10 @@
|
||||
# Identification of Hollowed out processes
|
||||
- [Process Hollowing](https://github.com/mether049/malware/blob/master/malware-tech_ref_and_memo.md#injectionhollowing)されたプロセスの識別方法を示す
|
||||
- [Case1: Hollows Hunter](https://github.com/mether049/malware/blob/master/detecting_ph_process.md#case1-hollows-hunter)
|
||||
- [Case2: Loki](https://github.com/mether049/malware/blob/master/detecting_ph_process.md#case2-loki)
|
||||
- [Case3: EQL(Event Query Language)](https://github.com/mether049/malware/blob/master/detecting_ph_process.md#case3-eqlevent-query-language)
|
||||
- [Extracting IoC from Process Memory with strings2](https://github.com/mether049/malware/blob/master/detecting_ph_process.md#extracting-ioc-from-process-memory-with-strings2)
|
||||
- [Case4: Volatility](https://github.com/mether049/malware/blob/master/detecting_ph_process.md#case4-volatility)
|
||||
## Sample/Environment
|
||||
- Sample
|
||||
|
||||
|
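Review bot: the table-of-contents entries in this hunk hard-code absolute URLs of the form https://github.com/mether049/malware/blob/master/detecting_ph_process.md#..., even though every target is a heading in this same file. Use fragment-only links such as `[Case1: Hollows Hunter](#case1-hollows-hunter)` so that navigation keeps working in forks and mirrors and on branches other than master. As written, a reader of a mirrored copy is sent to a different repository when following an in-page link. The list also has no entry for the `## Sample/Environment` section that follows it; either add one or note that the list covers only the detection cases.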