SANS Internet Storm Center
Finding stealth injected DLLs

I've mentioned Volatility here before and I use it in my day job doing malware analysis. The problem is, I know it is capable of doing a lot more than I am currently using it for, but I rarely have the time to sit down and play with it and learn how to use it better. So, I was very pleased when I noticed that Michael Hale Ligh has written two pieces on how to use Volatility to find DLLs that have been stealthily injected into running processes. The first is Locating Hidden Clampi DLLs and the second is entitled Recovering Coreflood Binaries with Volatility. Does anyone else out there have any other tools or methods they use for trying to detect and analyze these DLL injections (or even non-stealthy ones)? Let me know via the contact page and I'll update this story.

Jim
ISC Handler
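The following is an added example, not code from the diary, from Michael Hale Ligh's posts or from Volatility itself. It models, over a constructed process snapshot, the two checks a memory-forensics tool uses to surface DLLs that have been stealthily injected: cross-referencing each file-backed VAD (virtual address descriptor) region against the three PEB module lists, which catches a DLL that was loaded normally and then unlinked from the lists, and scanning for private, executable, writable regions that hold a PE header or code, which catches a DLL written into the process with no backing file at all. The `Vad` and `Process` structures, the module names and addresses, and the one-line-per-region sample are all assumptions made up for the example; on a real memory image these fields come from walking the process VAD tree and the PEB loader lists.

```python
"""Model of two memory-forensic checks for injected or unlinked DLLs.

Added example over a constructed process snapshot; not Volatility's code.
Assumed simplification: a VAD region carries its protection, its backing
file (None for private memory) and its first bytes; each PEB list is a set
of module base addresses.
"""
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple


@dataclass
class Vad:
    start: int
    end: int
    protection: str             # e.g. "PAGE_EXECUTE_READWRITE"
    mapped_file: Optional[str]  # backing file for image/section maps, None for private memory
    head: bytes                 # first bytes of the region, as read from the memory image


@dataclass
class Process:
    pid: int
    name: str
    image_base: int             # base of the main executable
    vads: List[Vad]
    in_load: Set[int]           # PEB InLoadOrderModuleList, as module base addresses
    in_init: Set[int]           # PEB InInitializationOrderModuleList
    in_mem: Set[int]            # PEB InMemoryOrderModuleList


def unlinked_modules(proc: Process) -> List[Tuple[int, str, List[str]]]:
    """Cross-reference every file-backed VAD against the three PEB lists.

    A DLL an attacker unlinked from the PEB lists still owns a VAD that
    names its backing file, so it shows up here together with the lists it
    is missing from. The main executable is legitimately absent from
    InInitializationOrderModuleList, so that list is not required for it.
    """
    findings = []
    for vad in proc.vads:
        if vad.mapped_file is None:
            continue
        lists = [("InLoad", proc.in_load), ("InMem", proc.in_mem)]
        if vad.start != proc.image_base:
            lists.append(("InInit", proc.in_init))
        missing = [name for name, bases in lists if vad.start not in bases]
        if missing:
            findings.append((vad.start, vad.mapped_file, missing))
    return findings


def private_executable_code(proc: Process) -> List[Tuple[int, str]]:
    """Flag private (not file-backed) RWX regions holding a PE header or code.

    A DLL written into the process with WriteProcessMemory has no backing
    file, so the PEB cross-check never sees it; the tell is an executable,
    writable, private region whose first page is not empty. Zero-filled
    regions are skipped: reserved but unused RWX memory is common and dull.
    """
    findings = []
    for vad in proc.vads:
        if vad.mapped_file is not None or vad.protection != "PAGE_EXECUTE_READWRITE":
            continue
        if not any(vad.head):
            continue
        if vad.head.startswith(b"MZ"):
            reason = "PE header in private RWX memory"
        else:
            reason = "non-empty private RWX memory (possible headerless code)"
        findings.append((vad.start, reason))
    return findings


def constructed_process() -> Process:
    """Constructed snapshot, not real data: a clean exe and ntdll, one DLL
    unlinked from all three PEB lists (hypothetical name injected.dll), one
    private RWX region holding a PE header, one holding headerless code,
    one empty RWX region and a plain heap."""
    vads = [
        Vad(0x00400000, 0x00410000, "PAGE_EXECUTE_WRITECOPY", "svchost.exe", b"MZ\x90\x00"),
        Vad(0x7C900000, 0x7C9B0000, "PAGE_EXECUTE_WRITECOPY", "ntdll.dll", b"MZ\x90\x00"),
        Vad(0x10000000, 0x10020000, "PAGE_EXECUTE_WRITECOPY", "injected.dll", b"MZ\x90\x00"),
        Vad(0x00320000, 0x00330000, "PAGE_EXECUTE_READWRITE", None, b"MZ\x90\x00"),
        Vad(0x00340000, 0x00350000, "PAGE_EXECUTE_READWRITE", None, b"\x55\x8b\xec"),
        Vad(0x00360000, 0x00370000, "PAGE_EXECUTE_READWRITE", None, b"\x00\x00\x00\x00"),
        Vad(0x00150000, 0x00250000, "PAGE_READWRITE", None, b"\x00\x00\x00\x00"),
    ]
    legit = {0x00400000, 0x7C900000}
    return Process(
        pid=1234, name="svchost.exe", image_base=0x00400000, vads=vads,
        in_load=set(legit), in_mem=set(legit), in_init={0x7C900000},
    )


if __name__ == "__main__":
    proc = constructed_process()
    for base, name, missing in unlinked_modules(proc):
        print(f"{proc.name} {proc.pid}: {name} @ {base:#010x} missing from {', '.join(missing)}")
    for base, why in private_executable_code(proc):
        print(f"{proc.name} {proc.pid}: {base:#010x} {why}")
```

The two checks are complementary: the first only sees modules that still have a file-backed mapping, the second only sees memory that has none. A module reported by the first with all three lists missing, or a region reported by the second, is the starting point for dumping the region and carving the DLL out of it. The main-executable exception matters in practice; without it every process in the image is flagged on InInitializationOrderModuleList and the real finding is lost in the noise.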
