1 repositorio
Analyzing process callstacks to detect redirections and execution flow anomalies typical of memory-resident implants.
Distinct from Anomaly Detection: Existing anomaly detection candidates focus on statistical data or system metrics, not low-level execution flow in process memory.
Explore 1 awesome GitHub repository matching security & cryptography · Callstack Anomaly Detection. Refine with filters or upvote what's useful.
pe-sieve is a set of diagnostic tools for scanning Windows process memory to identify malicious implants, shellcode, and hooks. It functions as an in-memory implant detector, malware unpacker, and process callstack analyzer designed to locate and dump memory patches and injected code from running processes. The project identifies advanced evasion techniques, such as process hollowing and reflective injection, by verifying portable executable structures in memory. It distinguishes itself by analyzing process callstacks to detect anomalies and redirections and by reconstructing executable heade
Provides an engine to detect malicious activity by identifying anomalies and redirections within a process callstack.