2 रिपॉजिटरी
Analyzing runtime callstacks to detect redirections and anomalies indicative of malicious implants.
Distinct from Callstack Navigation: Candidates focus on debugging navigation or GPU profiling; this is security-focused runtime callstack auditing.
Explore 2 awesome GitHub repositories matching security & cryptography · Process Callstack Analysis. Refine with filters or upvote what's useful.
MemProcFS is a volatile memory analysis tool and cross-platform memory acquisition system. It functions as a memory forensic virtual file system, mapping physical memory and kernel objects into a virtual directory structure that allows users to analyze system artifacts using standard file system tools. The project distinguishes itself by providing a virtual file system for memory forensics, enabling the browsing and querying of physical memory as read-only files and folders. It also incorporates a Yara-based memory scanner to identify malware signatures and injected code within physical memor
Analyzes runtime callstacks of user-mode threads to identify function call traces using symbol resolution.
pe-sieve is a set of diagnostic tools for scanning Windows process memory to identify malicious implants, shellcode, and hooks. It functions as an in-memory implant detector, malware unpacker, and process callstack analyzer designed to locate and dump memory patches and injected code from running processes. The project identifies advanced evasion techniques, such as process hollowing and reflective injection, by verifying portable executable structures in memory. It distinguishes itself by analyzing process callstacks to detect anomalies and redirections and by reconstructing executable heade
Analyzes process callstacks to identify anomalies and detect potential malicious activity within a running process.