{"id":4744,"date":"2025-03-20T10:17:11","date_gmt":"2025-03-20T09:17:11","guid":{"rendered":"https:\/\/andreas-klingler.de\/infosec\/?p=4744"},"modified":"2025-03-20T10:17:12","modified_gmt":"2025-03-20T09:17:12","slug":"detecting-malware","status":"publish","type":"post","link":"https:\/\/infosec.andreas-klingler.de\/?p=4744","title":{"rendered":"Detecting Malware"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Windows<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Detect\u00ading <span class=\"caps\">PE<\/span>\/<span class=\"caps\">DLL<\/span> injection:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/github.com\/hasherezade\/hollows_hunter\">GitHub \u2014 hasherezade\/hollows_hunter: Scans all run\u00adning process\u00ades. Rec\u00adog\u00adnizes and dumps a vari\u00adety of poten\u00adtial\u00adly mali\u00adcious implants (replaced\/implanted PEs, shell\u00adcodes, hooks, in-mem\u00ado\u00adry patches).<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/github.com\/hasherezade\/pe-sieve\">GitHub \u2014 hash\u00aderezade\/pe-sieve: Scans a giv\u00aden process. Rec\u00adog\u00adnizes and dumps a vari\u00adety of poten\u00adtial\u00adly mali\u00adcious implants (replaced\/injected PEs, shell\u00adcodes, hooks, in-mem\u00ado\u00adry patches).<\/a><\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Win\u00addows Detect\u00ading <span class=\"caps\">PE<\/span>\/<span class=\"caps\">DLL<\/span> injection:<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"wp_typography_post_enhancements_disabled":false,"footnotes":""},"categories":[512],"tags":[22],"class_list":["post-4744","post","type-post","status-publish","format-standard","hentry","category-incident-response","tag-malware"],"_links":{"self":[{"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/posts\/4744","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4744"}],"version-history":[{"count":1,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/posts\/4744\/revisions"}],"predecessor-version":[{"id":4745,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/posts\/4744\/revisions\/4745"}],"wp:attachment":[{"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4744"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4744"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4744"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}