-
Hey there,
the payload or malicious PE file should be on the filesystem here. Mostly it will already have been fished away by AV, especially if it is malicious or suspicious enough :-)
In my case for tes…
-
Hi hasherezade,
Thanks for your great tool. I tested hollows_hunter; it can detect hollowed processes created by Agenttesla, fareit, formbook. However, it can't detect iexplore.exe created by ursnif tr…
-
In GitLab by @AaBelov on Aug 19, 2016, 01:06
ICE uses quadratic programming to find abundances on each iteration. The current `lsei` method seems to be slow.
-
## Description
Using Posh_v4_x64_Shellcode.bin in a Dropper leveraging Process Hollowing tradecraft (See file attached below) doesn't return an implant
## Execution Environment:
**All of this m…
-
As GitHub does not offer a better repository for images, this issue will be used as one. This issue will be closed right away to be hidden.
![image](https://user-images.githubusercontent.com/583094…
-
### Description of the bug
Since some time ago (I unfortunately don't know when), but currently in 2.6.1, the hollow algorithm generates a new mesh for the outer shell.
Every triangle is densely tessellated …
-
It would be nice to have the possibility to hollow out an x64 process from an x86 Dinvoke assembly.
The only way to do that (I think) would be to spawn a new x64 process and obtain a valid handle to i…
-
I don't know if other folks have/will run into this or not, but I just want to mark it down.
When I call this library inside my WSL2 Debian box, my WSL session gets killed by SentinelOne due to a `…
-
I created a reverse shell with msfvenom, precisely an exe file, but it won't fire:
'E:\process_ghosting-master\Debug>proc_ghost.exe msf_rev_https.exe
[+] Created temp file: C:\Users\fancy\AppDa…