Skip to content

joe-desimone/patriot

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

18 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Patriot

Patriot_missile_launch_b

Small research project for detecting various kinds of in-memory stealth techniques.

Download the latest release here.

The current version supports the following detections:

  • Suspicious CONTEXT structures pointing to VirtualProtect functions. (Targets research by Austin Hudson Foliage and Ekko by Cracked5pider).
  • Validation of MZ/PE headers in memory to detect process hollowing variants.
  • Unbacked executable regions running at high integrity.
  • Modified code used in module stomping/overwriting.
  • Various other anomalies.

image

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Packages

No packages published