PE-sieve is a light-weight tool that helps to detect malware running on the system, as well as to collect the potentially malicious material for further analysis.
Recognizes and dumps variety of implants within the scanned process: replaced/injected PEs, shellcodes, hooks, and other in-memory patches.
Detects inline hooks, Process Hollowing, Process Doppelgänging, Reflective DLL Injection, etc.
Also Read – OSINT-SPY : Performs OSINT Scan On Email/Domain/IP_Address/Organisation
Clone
Use recursive clone to get the repo together with the submodule:
git clone –recursive https://github.com/hasherezade/pe-sieve.git
Those builds are available for testing and they may be ahead of the official release:
CognitoHunter is a specialized toolkit designed for security researchers and penetration testers to analyze and…
Axum is a high-performance, ergonomic, and modular web framework for Rust, designed to simplify the…
how2heap is a repository designed to teach and demonstrate various heap exploitation techniques. It provides…
Polars is a cutting-edge DataFrame library designed for high-speed data manipulation and analysis. Written in…
WinVisor is a hypervisor-based emulator designed to emulate Windows x64 user-mode executables. It leverages the…
CVE-2024-12084 is a critical vulnerability in the widely-used Rsync tool, identified as a heap-based buffer…