23

Psinfo

Psinfo is a Volatility plugin which collects the process related information from the VAD (Virtual Address Descriptor) and PEB (Process Enivornment Block) and displays the collected information and suspicious memory regions for all the processes running on the system. This plugin should allow a security analyst to get the process related information and spot any […]

25

HollowFind

  Hollowfind is a Volatility plugin to detect different types of process hollowing techniques used in the wild to bypass, confuse, deflect and divert the forensic analysis techniques. The plugin detects such attacks by finding discrepancy in the VAD and PEB, it also disassembles the address of entry point to detect any redirection attempts and […]

19

CYSINFO CYBER SECURITY MEETUP – 19TH NOVEMBER 2016

This is an announcement for the upcoming Cysinfo cyber security community meetup on 19th November 2016 in Bangalore, India. This meet is completely free and doesn’t require any registration or any other formalities to attend. The meet will start at 9:30 AM IST.   [jtrt_tables id=’4612′]   Venue: Amrita University (Amrita Vishwa Vidyapeetham) Bengaluru Campus Kasavanahalli, Carmelaram P.O. […]

5

Cyber Security with Amit Malik – Episode 2 – Macro Code De-obfuscation using Vbscript Debugger

Video: Text: Audience Level: Internet user, Mid level Analyst Prerequisite: Programming Language Introduction: Obfuscation: https://en.wikipedia.org/wiki/Obfuscation_(software) Infection Method: Malicious documents are mostly delivered through email campaigns. The attacker send the tailored email to the victim with the malicious email attachment or a malicious web link. Once the victim open the malicious document it will download the […]

4

APITracker – Windows API Tracing tool

APITracker is a major update to our tool Malpimp. It follows the same methodology for hooking and reporting but with an enhanced feature set and more stable logging options. New to APITracker: 1.Server Logging: APItracker can send the api logs on the remote server so you don’t have to worry about ransomewares etc. 2.Parameters: APItracker […]

21

Detecting Malicious Processes Using Psinfo Volatility Plugin

In the previous post we looked at HollowFind Volatility plugin and saw how it can detect different process hollowing techniques and display those malicious processes which are victims of process hollowing . In this post lets look at another Volatility plugin called Psinfo. This plugin is similar to hollowfind plugin but instead of identifying the […]