hunting malware in memory from endgame

I usually avoid vendor blogs, since they tend to be self-serving, presenting a problem in a singular way that makes their product the answer; basically marketing posts. But I do appreciate posts that offer additional knowledge beyond the marketing slant. Endgame has a post about hunting malware threads and processes in memory. I highlight this post because it starts out by going over the various methods malware uses to dig into memory and hide, and then it has a paragraph about detecting activity like this using a PowerShell tool, Get-InjectedThreads.

Super cool information for someone getting into malware analysis or detection.
