forrest-orr / moneta
Licence: GPL-3.0 license
Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs
Stars: ✭ 384
Programming Languages
Projects that are alternatives of or similar to moneta
ProcessInjector.NET
Learning Process Injection and Hollowing techniques
Stars: ✭ 23 (-94.01%)
Mutual labels: injection, process, hollowing
Virustotal Tools
Submits multiple domains to VirusTotal API
Stars: ✭ 29 (-92.45%)
Mutual labels: ioc, scanner, malware
Poodinis
A dependency injection framework for D with support for autowiring.
Stars: ✭ 57 (-85.16%)
Mutual labels: ioc, injection
Signature Base
Signature base for my scanner tools
Stars: ✭ 1,212 (+215.63%)
Mutual labels: ioc, scanner
React Ioc
Hierarchical Dependency Injection with new React 16 Context API
Stars: ✭ 133 (-65.36%)
Mutual labels: ioc, injection
Intelmq
IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.
Stars: ✭ 611 (+59.11%)
Mutual labels: ioc, malware
Malware Ioc
Indicators of Compromises (IOC) of our various investigations
Stars: ✭ 955 (+148.7%)
Mutual labels: ioc, malware
Puresharp
Puresharp is a Framework that provides the essential APIs (AOP, IOC, etc...) to productively build high quality (.NET 4.5.2+ & .NET Core 2.1+) applications through reliability, scalability and performance without no compromise
Stars: ✭ 120 (-68.75%)
Mutual labels: ioc, injection
MalwareHashDB
Malware hashes for open source projects.
Stars: ✭ 31 (-91.93%)
Mutual labels: ioc, malware
Kernel-dll-injector
Kernel-Mode Driver that loads a dll into every new created process that loads kernel32.dll module
Stars: ✭ 256 (-33.33%)
Mutual labels: malware, injection
Tsyringe
Lightweight dependency injection container for JavaScript/TypeScript
Stars: ✭ 2,761 (+619.01%)
Mutual labels: ioc, injection
CEH
Exam Prep for the Ec-council Certified Ethical Hacker 312-50
Stars: ✭ 71 (-81.51%)
Mutual labels: malware, injection
Linux.mirai
Leaked Linux.Mirai Source Code for Research/IoC Development Purposes
Stars: ✭ 466 (+21.35%)
Mutual labels: ioc, malware
ioc-scanner
Search a filesystem for indicators of compromise (IoC).
Stars: ✭ 31 (-91.93%)
Mutual labels: ioc, scanner
Kangaru
🦘 A dependency injection container for C++11, C++14 and later
Stars: ✭ 297 (-22.66%)
Mutual labels: ioc, injection
Container Ioc
Inversion of Control container & Dependency Injection for Javascript and Node.js apps powered by Typescript.
Stars: ✭ 89 (-76.82%)
Mutual labels: ioc, injection
ioc-fanger
Fang and defang indicators of compromise. You can test this project in a GUI here: http://ioc-fanger.hightower.space .
Stars: ✭ 47 (-87.76%)
Mutual labels: ioc, malware
Zenject-2019
Dependency Injection Framework for Unity3D
Stars: ✭ 2,567 (+568.49%)
Mutual labels: ioc, injection
fusion
A simple automated dependency injection library for TypeScript, supporting React class and functional components.
Stars: ✭ 18 (-95.31%)
Mutual labels: ioc, injection
Loki
Loki - Simple IOC and Incident Response Scanner
Stars: ✭ 2,217 (+477.34%)
Mutual labels: ioc, scanner
_____ __ / \ ____ ____ _____/ |______ / \ / \ / _ \ / \_/ __ \ __\__ \ / Y ( <_> ) | \ ___/| | / __ \_ \____|__ /\____/|___| /\___ >__| (____ / \/ \/ \/ \/ Moneta v1.0 | Forrest Orr | 2020 REQUIRED -m {*|region|referenced|ioc} -p {*|PID} OPTIONAL -v {detail|debug|surface} -d --option {from-base|statistics} --filter {unsigned-module|clr-prvx|clr-heap|metadata-modules} --address <memory address> --region-size <memory region size> -m The memory to select and apply scanner settings to. * Select all regions of committed memory. ioc Select only regions which have suspicions associated with them. region Select only the region(s) which overlap with the region provided through the --address and --region-size arguments. referenced Select only regions which are referenced within the region(s) associated with the provided --address and --region-size arguments -p The process(es) to scan. In the event that * is used, all accessible processes will be enumerated and scanned. --option Additional actions to optionally apply to the memory selected from the scan. from-base All subregions associated with the allocation bases of all selected memory will also be selected. statistics Calculate permission statistics on the selected memory after a scan has completed. -d Dump all selected memory to the local file system after each process scan is complete. --address A memory address in 0x* format to be used in conjunction with either the "region" or "referenced" selection types. --region-size Optionally specify the size of the region of the provided "--address." The default is a region size of 0. -v The verbosity level with which to print information related to the selected memory. The default is "surface" --filter The filters to apply when eliminating suspicions associated with selected memory. * Apply all filters. Only malware and unknown false positives shown. unsigned-module Regions of image memory associated with unsigned PE files. metadata-modules Regions of image memory stemming from signed Windows metadata PE files on disk. clr-heap Native executable heaps created during CLR initialization. clr-prvx Managed heaps associated with active CLR heaps and JIT code. wow64-init IOCs resulting from Wow64 process initialization such as certain modified system library code sections EXAMPLES Enumerate a detailed log of all committed memory in all processes on the OS: Moneta64.exe -m * -p * -v detail Enumerate surface level information related to suspicious memory in a specific process: Moneta64.exe -m ioc -p 1234 Enumerate surface level information related to suspicious memory in a specific process from its allocation base: Moneta64.exe -m ioc -p 1234 --option from-base Dump a specific memory region by address within a specific process from its allocation base: Moneta64.exe -m region -p 1234 --option from-base --address 0x0000000077DD0000 -d Enumerate surface level information related to suspicious memory in all processes and show memory statistics on IOCs and region types when the scan is complete: Moneta64.exe -m ioc -p * --option statistics Enumerate surface level information related to suspicious memory in all processes but exclude IOCs stemming from unsigned modules and metadata modules: Moneta64.exe -m ioc -p * --filter unsigned-modules metadata-modules
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].