Finding stealth injected DLLs
I've mentioned Volatility here before and I use it in my day job doing malware analysis. The problem is, I know it is capable of doing a lot more than I am currently using it for, but I rarely have the time to sit down and play with it and learn how to use it better. So, I was very pleased when I noticed that Michael Hale Ligh has written 2 pieces on how to use Volatility to find DLLs that have been stealthily injected into running processes. The first is Locating Hidden Clampi DLLs and the second is entitled Recovering Coreflood Binaries with Volatility. Does anyone else out there have any other tools/methods they use for trying to detect and analyze these DLL injections (or even non-stealthy ones)? Let me know via the contact page and I'll update this story.
LINUX Incident Response and Threat Hunting | Online | Japan Standard Time | Oct 21st - Oct 26th 2024 |
Comments