Mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git (synced 2026-06-12 14:14:56 +03:00)
# Process Hollowing Hunt Template

## Hunt Metadata
| Field | Value |
|---|---|
| Hunt ID | TH-HOLLOW-YYYY-MM-DD-NNN |
| Analyst | |
| Date | |
| Status | [ ] In Progress / [ ] Complete |
## Hypothesis
[e.g., "Adversaries have used process hollowing to inject malicious code into svchost.exe instances to evade detection."]
## Findings
| # | Host | Process | Parent | Expected Parent | Network Activity | Risk | Verdict |
|---|---|---|---|---|---|---|---|
| 1 | | | | | | | |

## Memory Analysis Results
| Process (PID) | Image Mismatch | Injected Code | VAD Anomaly | Verdict |
|---|---|---|---|---|
## Recommendations
- Memory Dump: [Collect memory from affected hosts]
- Containment: [Isolate compromised endpoints]
- Detection: [Deploy Sysmon v13+ with Event ID 25]
- Prevention: [Enable Attack Surface Reduction rules]
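As an added example (not part of the original template), the following script pre-fills the Findings table from Sysmon telemetry: it joins Event ID 25 (ProcessTampering, available in Sysmon v13+) to the matching Event ID 1 (ProcessCreate) by ProcessGuid and compares the observed parent with the expected one. The expected-parent map and the sample events are constructed assumptions; tune the map to your own environment.

```python
# Added example: correlate Sysmon Event ID 25 (ProcessTampering) with the
# matching Event ID 1 (ProcessCreate) by ProcessGuid and flag hollowed images
# whose observed parent is not the expected one. Sample events are constructed.
from collections import namedtuple

# Hunt assumption: expected parent for a commonly hollowed binary; tune per fleet.
EXPECTED_PARENT = {
    r"c:\windows\system32\svchost.exe": r"c:\windows\system32\services.exe",
}

Finding = namedtuple("Finding", "host process parent expected tamper_type risk")

def _norm(path):
    return (path or "").strip().lower()

def triage(events):
    """Return one Finding per Event ID 25 record, joined to its ProcessCreate."""
    creates = {e["ProcessGuid"]: e for e in events if e["EventID"] == 1}
    findings = []
    for e in events:
        if e["EventID"] != 25:
            continue
        image = _norm(e["Image"])
        create = creates.get(e["ProcessGuid"])
        parent = _norm(create["ParentImage"]) if create else "unknown"
        expected = EXPECTED_PARENT.get(image, "n/a")
        if expected == "n/a" or parent == expected:
            risk = "medium"  # image replaced in memory, but no parent anomaly to add
        else:
            risk = "high"    # replaced image AND unexpected parent: classic hollowing
        findings.append(Finding(e["Computer"], image, parent, expected, e["Type"], risk))
    return findings

# Constructed sample telemetry (Sysmon v13+ field names, not real events).
SAMPLE_EVENTS = [
    {"EventID": 1, "Computer": "WS01", "ProcessGuid": "{G1}",
     "Image": r"C:\Windows\System32\svchost.exe",
     "ParentImage": r"C:\Windows\System32\services.exe"},
    {"EventID": 1, "Computer": "WS01", "ProcessGuid": "{G2}",
     "Image": r"C:\Windows\System32\svchost.exe",
     "ParentImage": r"C:\Users\Public\update.exe"},
    {"EventID": 25, "Computer": "WS01", "ProcessGuid": "{G2}",
     "Image": r"C:\Windows\System32\svchost.exe", "Type": "Image is replaced"},
    {"EventID": 25, "Computer": "WS01", "ProcessGuid": "{G1}",
     "Image": r"C:\Windows\System32\svchost.exe", "Type": "Image is replaced"},
]

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):  # rows for the Findings table above
        print(f"| {f.host} | {f.process} | {f.parent} | {f.expected} | {f.tamper_type} | {f.risk} |")
```

Event ID 25 alone only tells you an image was replaced or locked; the parent join is what separates a hollowed svchost.exe launched from a user-writable path from a legitimate one under services.exe.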