1 مستودع
Engines that identify malicious activity by detecting redirections and anomalies in process callstacks.
Distinct from Process Metadata Analyzers: Distinguishes from general metadata analyzers or debuggers by focusing on security-oriented anomaly detection.
Explore 1 awesome GitHub repository matching security & cryptography · Process Callstack Analyzers. Refine with filters or upvote what's useful.
pe-sieve is a set of diagnostic tools for scanning Windows process memory to identify malicious implants, shellcode, and hooks. It functions as an in-memory implant detector, malware unpacker, and process callstack analyzer designed to locate and dump memory patches and injected code from running processes. The project identifies advanced evasion techniques, such as process hollowing and reflective injection, by verifying portable executable structures in memory. It distinguishes itself by analyzing process callstacks to detect anomalies and redirections and by reconstructing executable heade
Detects malicious activity by identifying anomalies and redirections within a process callstack.