J0k3rj0k3r Posted January 17, 2019 Share Posted January 17, 2019 Shed is an application that allow to inspect the .NET runtime of a program in order to extract useful information. It can be used to inspect malicious applications in order to have a first general overview of which information are stored once that the malware is executed. Shed is able to: Inject a .NET Assembly in a remote process (both managed and un-managed) Extract all objects stored in the managed heap Print strings stored in memory Save the snapshot of the heap in a JSON format for post-processing Dump all modules that are loaded in memory This is the hidden content, please Sign In or Sign Up SRC This is the hidden content, please Sign In or Sign Up Link to comment Share on other sites More sharing options...
Recommended Posts