GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → forrest-orr → moneta

forrest-orr / moneta

Licence: GPL-3.0 license
Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs

Programming Languages

C++
36643 projects - #6 most used programming language
c
50402 projects - #5 most used programming language
C#
18002 projects

Labels

windowsiocmemoryscannermalwareinjectionprocessdumpmonetapeartifactreflectiveusermodehollowing

Projects that are alternatives of or similar to moneta

ProcessInjector.NET
Learning Process Injection and Hollowing techniques
Stars: ✭ 23 (-94.01%)
Mutual labels:  injection, process, hollowing
Virustotal Tools
Submits multiple domains to VirusTotal API
Stars: ✭ 29 (-92.45%)
Mutual labels:  ioc, scanner, malware
Poodinis
A dependency injection framework for D with support for autowiring.
Stars: ✭ 57 (-85.16%)
Mutual labels:  ioc, injection
Signature Base
Signature base for my scanner tools
Stars: ✭ 1,212 (+215.63%)
Mutual labels:  ioc, scanner
React Ioc
Hierarchical Dependency Injection with new React 16 Context API
Stars: ✭ 133 (-65.36%)
Mutual labels:  ioc, injection
Intelmq
IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.
Stars: ✭ 611 (+59.11%)
Mutual labels:  ioc, malware
Malware Ioc
Indicators of Compromises (IOC) of our various investigations
Stars: ✭ 955 (+148.7%)
Mutual labels:  ioc, malware
Puresharp
Puresharp is a Framework that provides the essential APIs (AOP, IOC, etc...) to productively build high quality (.NET 4.5.2+ & .NET Core 2.1+) applications through reliability, scalability and performance without no compromise
Stars: ✭ 120 (-68.75%)
Mutual labels:  ioc, injection
MalwareHashDB
Malware hashes for open source projects.
Stars: ✭ 31 (-91.93%)
Mutual labels:  ioc, malware
Kernel-dll-injector
Kernel-Mode Driver that loads a dll into every new created process that loads kernel32.dll module
Stars: ✭ 256 (-33.33%)
Mutual labels:  malware, injection
Tsyringe
Lightweight dependency injection container for JavaScript/TypeScript
Stars: ✭ 2,761 (+619.01%)
Mutual labels:  ioc, injection
CEH
Exam Prep for the Ec-council Certified Ethical Hacker 312-50
Stars: ✭ 71 (-81.51%)
Mutual labels:  malware, injection
Linux.mirai
Leaked Linux.Mirai Source Code for Research/IoC Development Purposes
Stars: ✭ 466 (+21.35%)
Mutual labels:  ioc, malware
ioc-scanner
Search a filesystem for indicators of compromise (IoC).
Stars: ✭ 31 (-91.93%)
Mutual labels:  ioc, scanner
Kangaru
🦘 A dependency injection container for C++11, C++14 and later
Stars: ✭ 297 (-22.66%)
Mutual labels:  ioc, injection
Container Ioc
Inversion of Control container & Dependency Injection for Javascript and Node.js apps powered by Typescript.
Stars: ✭ 89 (-76.82%)
Mutual labels:  ioc, injection
ioc-fanger
Fang and defang indicators of compromise. You can test this project in a GUI here: http://ioc-fanger.hightower.space .
Stars: ✭ 47 (-87.76%)
Mutual labels:  ioc, malware
Zenject-2019
Dependency Injection Framework for Unity3D
Stars: ✭ 2,567 (+568.49%)
Mutual labels:  ioc, injection
fusion
A simple automated dependency injection library for TypeScript, supporting React class and functional components.
Stars: ✭ 18 (-95.31%)
Mutual labels:  ioc, injection
Loki
Loki - Simple IOC and Incident Response Scanner
Stars: ✭ 2,217 (+477.34%)
Mutual labels:  ioc, scanner
View All Similar Projects ➔ 
   _____                        __          
  /     \   ____   ____   _____/  |______   
 /  \ /  \ /  _ \ /    \_/ __ \   __\__  \  
/    Y    (  <_> )   |  \  ___/|  |  / __ \_
\____|__  /\____/|___|  /\___  >__| (____  /
        \/            \/     \/          \/ 

Moneta v1.0 | Forrest Orr | 2020

REQUIRED

-m {*|region|referenced|ioc}
-p {*|PID}

OPTIONAL

-v {detail|debug|surface}
-d
--option {from-base|statistics}
--filter {unsigned-module|clr-prvx|clr-heap|metadata-modules}
--address <memory address>
--region-size <memory region size>


-m                  The memory to select and apply scanner settings to.

                    *                   Select all regions of committed memory.
                    ioc                 Select only regions which have suspicions associated with them.
                    region              Select only the region(s) which overlap with the region provided
                                        through the --address and --region-size arguments.
                    referenced          Select only regions which are referenced within the region(s)
                                        associated with the provided --address and --region-size arguments
-p                  The process(es) to scan. In the event that * is used, all accessible processes will
                    be enumerated and scanned.
--option            Additional actions to optionally apply to the memory selected from the scan.

                    from-base           All subregions associated with the allocation bases of all
                                        selected memory will also be selected.
                    statistics          Calculate permission statistics on the selected memory after a
                                        scan has completed.
-d                  Dump all selected memory to the local file system after each process scan is complete.
--address           A memory address in 0x* format to be used in conjunction with either the "region" or
                    "referenced" selection types.
--region-size       Optionally specify the size of the region of the provided "--address." The default is
                    a region size of 0.
-v                  The verbosity level with which to print information related to the selected memory.
                    The default is "surface"
--filter            The filters to apply when eliminating suspicions associated with selected memory.
                    
                    *                   Apply all filters. Only malware and unknown false positives shown.
                    unsigned-module     Regions of image memory associated with unsigned PE files.
                    metadata-modules    Regions of image memory stemming from signed Windows metadata PE
                                        files on disk.
                    clr-heap            Native executable heaps created during CLR initialization.
                    clr-prvx            Managed heaps associated with active CLR heaps and JIT code.
                    wow64-init          IOCs resulting from Wow64 process initialization such as certain
                                        modified system library code sections
										
EXAMPLES

Enumerate a detailed log of all committed memory in all processes on the OS:

    Moneta64.exe -m * -p * -v detail

Enumerate surface level information related to suspicious memory in a specific process:

    Moneta64.exe -m ioc -p 1234
	
Enumerate surface level information related to suspicious memory in a specific process from its allocation
base:

    Moneta64.exe -m ioc -p 1234 --option from-base

Dump a specific memory region by address within a specific process from its allocation base:

    Moneta64.exe -m region -p 1234 --option from-base --address 0x0000000077DD0000 -d
    
Enumerate surface level information related to suspicious memory in all processes and show memory
statistics on IOCs and region types when the scan is complete:

    Moneta64.exe -m ioc -p * --option statistics
	
Enumerate surface level information related to suspicious memory in all processes but exclude IOCs
stemming from unsigned modules and metadata modules:

    Moneta64.exe -m ioc -p * --filter unsigned-modules metadata-modules
Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].