The Garuda Threat Hunting Framework, released at DEF CON 2025, is a PowerShell-based framework designed to simplify manual threat hunting. It allows you to correlate, filter, and investigate Sysmon events efficiently. In this video, I demonstrate how to install Garuda, explore its key features, and perform a step-by-step hunt of a Living-off-the-Land (LoLbin) attack using […]
In this video, we explore how AI enhances threat hunting by integrating Large Language Models (LLMs) with the Garuda Threat Hunting Framework. Garuda is a manual, PowerShell-based threat hunting and investigation framework designed to transform raw Sysmon telemetry into structured, actionable intelligence for Windows environments. It allows you to correlate, filter, and analyze sysmon events […]
Psinfo is a Volatility plugin which collects the process related information from the VAD (Virtual Address Descriptor) and PEB (Process Enivornment Block) and displays the collected information and suspicious memory regions for all the processes running on the system. This plugin should allow a security analyst to get the process related information and spot any […]
Hollowfind is a Volatility plugin to detect different types of process hollowing techniques used in the wild to bypass, confuse, deflect and divert the forensic analysis techniques. The plugin detects such attacks by finding discrepancy in the VAD and PEB, it also disassembles the address of entry point to detect any redirection attempts and […]
APITracker is a major update to our tool Malpimp. It follows the same methodology for hooking and reporting but with an enhanced feature set and more stable logging options. New to APITracker: 1.Server Logging: APItracker can send the api logs on the remote server so you don’t have to worry about ransomewares etc. 2.Parameters: APItracker […]
A number of devices are running Linux due to its flexibility and open source nature. This has made Linux platform the target for malware attacks, so it becomes important to analyze the Linux malwares. Today, there is a need to analyze Linux malwares in an automated way to understand its capabilities. Limon is a sandbox […]
Many times while doing memory analysis (or malware analysis) an analyst would be presented with lots of data and analyst has to manually find the malicious artifacts from that data which takes time and effort. This tool helps in solving that problem by comparing the results between the clean and infected memory images. This tool […]
PyMal is a python based interactive Malware Analysis Framework. It is built on the top of three pure python programes Pefile, Pydbg and Volatility. The main aim of the project is to combine all the Malware Analysis related tools into a single interface for rapid analysis. PyMal have several wrapper functions to manipulate Executable […]
ExeScan is a console based tool to detect anomalies in PE (Portable Executable) files. It quickly scans given executable file and detect all kind of anomalies in its PE header fields including checksum verification’s, size of various header fields, improper size of raw data, non-ascii/empty section names etc. Various packers/protectors modify PE header to make reversing […]
Shell Detect is a tool to detect presence of Shell Code within a file or network stream. You can either provide raw binary file (such as generated from Metasploit or network stream file as input to this tool. These days attackers distribute malicious files which contains hidden exploit shell code. On opening such files, exploit shell […]