PE-sieve is a light-weight tool that helps to detect malware running on the system, as well as to collect the potentially malicious material for further analysis.
Recognizes and dumps variety of implants within the scanned process: replaced/injected PEs, shellcodes, hooks, and other in-memory patches.
Detects inline hooks, Process Hollowing, Process Doppelgänging, Reflective DLL Injection, etc.
Also Read – OSINT-SPY : Performs OSINT Scan On Email/Domain/IP_Address/Organisation
Clone
Use recursive clone to get the repo together with the submodule:
git clone –recursive https://github.com/hasherezade/pe-sieve.git
Those builds are available for testing and they may be ahead of the official release:
What is a Software Supply Chain Attack? A software supply chain attack occurs when a…
When people ask how UDP works, the simplest answer is this: UDP sends data quickly…
Endpoint Detection and Response (EDR) solutions have become a cornerstone of modern cybersecurity, designed to…
A large-scale malware campaign leveraging AI-assisted development techniques has been uncovered, revealing how attackers are…
How Does a Firewall Work Step by Step? What Is a Firewall and How Does…
People trying to securely connect to work are being tricked into doing the exact opposite.…