PE-sieve is a light-weight tool that helps to detect malware running on the system, as well as to collect the potentially malicious material for further analysis.
Recognizes and dumps variety of implants within the scanned process: replaced/injected PEs, shellcodes, hooks, and other in-memory patches.
Detects inline hooks, Process Hollowing, Process Doppelgänging, Reflective DLL Injection, etc.
Also Read – OSINT-SPY : Performs OSINT Scan On Email/Domain/IP_Address/Organisation
Clone
Use recursive clone to get the repo together with the submodule:
git clone –recursive https://github.com/hasherezade/pe-sieve.git
Those builds are available for testing and they may be ahead of the official release:
Java remains one of the most widely used programming platforms for servers, enterprise applications, Android…
Ubuntu users often download software directly from developer websites instead of using the default app…
Installing Ubuntu 26.04 LTS is only the first step toward building a smooth, secure, and…
What is a Software Supply Chain Attack? A software supply chain attack occurs when a…
When people ask how UDP works, the simplest answer is this: UDP sends data quickly…
Endpoint Detection and Response (EDR) solutions have become a cornerstone of modern cybersecurity, designed to…