mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-15 15:34:56 +03:00
# Process Hollowing Hunt Template

## Hunt Metadata

| Field | Value |
|-------|-------|
| Hunt ID | TH-HOLLOW-YYYY-MM-DD-NNN |
| Analyst | |
| Date | |
| Status | [ ] In Progress / [ ] Complete |

## Hypothesis

> [e.g., "Adversaries have used process hollowing to inject malicious code into svchost.exe instances to evade detection."]

## Findings

| # | Host | Process | Parent | Expected Parent | Network Activity | Risk | Verdict |
|---|------|---------|--------|-----------------|------------------|------|---------|
| 1 | | | | | | | |
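As an added example (not part of the original repository), the helper below fills rows of the Findings table from endpoint process telemetry: it compares each process against an expected-parent map and the System32 image path, folds in observed network activity, and assigns the Risk and Verdict columns. The expected-parent map, the `Proc` record layout and the sample records are constructed assumptions for illustration.

```python
from dataclasses import dataclass

# Assumed baseline of legitimate parents for common hollowing hosts (tune per environment).
EXPECTED_PARENT = {
    "svchost.exe": {"services.exe"},
    "rundll32.exe": {"svchost.exe", "explorer.exe"},
    "explorer.exe": {"userinit.exe", "winlogon.exe"},
}
SYSTEM_DIR = "c:\\windows\\system32\\"

@dataclass
class Proc:
    host: str
    pid: int
    image: str      # full on-disk image path as reported by the sensor
    parent: str     # parent image name
    network: bool   # any outbound connection attributed to this PID

def assess(p: Proc) -> dict:
    """Build one Findings row; parent mismatch, off-path image and network use raise the risk."""
    name = p.image.rsplit("\\", 1)[-1].lower()
    expected = EXPECTED_PARENT.get(name, set())
    parent_ok = not expected or p.parent.lower() in expected
    path_ok = p.image.lower().startswith(SYSTEM_DIR)
    score = int(not parent_ok) + int(not path_ok) + int(p.network)   # 0..3
    risk = {0: "Low", 1: "Medium"}.get(score, "High")
    return {"Host": p.host, "Process": f"{name} ({p.pid})", "Parent": p.parent,
            "Expected Parent": "/".join(sorted(expected)) or "n/a",
            "Network Activity": "yes" if p.network else "no", "Risk": risk,
            "Verdict": "Investigate" if score else "Benign"}

def findings_table(procs) -> str:
    """Render Markdown rows in the layout of the Findings section, highest risk first."""
    order = ("Low", "Medium", "High")
    rows = sorted((assess(p) for p in procs), key=lambda r: order.index(r["Risk"]), reverse=True)
    cols = ["Host", "Process", "Parent", "Expected Parent", "Network Activity", "Risk", "Verdict"]
    out = ["| # | " + " | ".join(cols) + " |", "|---|" + "|".join("-" * len(c) for c in cols) + "|"]
    for i, r in enumerate(rows, 1):
        out.append(f"| {i} | " + " | ".join(r[c] for c in cols) + " |")
    return "\n".join(out)

# Constructed sample telemetry: a normal svchost, one spawned by an Office process with
# network activity, and one whose image lives outside System32.
SAMPLE = [
    Proc("WS-01", 1234, "C:\\Windows\\System32\\svchost.exe", "services.exe", False),
    Proc("WS-01", 4321, "C:\\Windows\\System32\\svchost.exe", "winword.exe", True),
    Proc("WS-02", 777, "C:\\Temp\\svchost.exe", "services.exe", False),
]

if __name__ == "__main__":
    print(findings_table(SAMPLE))
```

Paste the printed rows into the Findings table above; a "Medium" or "High" row is a candidate for the Memory Analysis step rather than a conclusion on its own.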
## Memory Analysis Results

| Process (PID) | Image Mismatch | Injected Code | VAD Anomaly | Verdict |
|---------------|----------------|---------------|-------------|---------|
| | | | | |

## Recommendations

1. **Memory Dump**: [Collect memory from affected hosts]
2. **Containment**: [Isolate compromised endpoints]
3. **Detection**: [Deploy Sysmon v13+ with Event ID 25]
4. **Prevention**: [Enable Attack Surface Reduction rules]