2 repositories
Analyzing runtime callstacks to detect redirections and anomalies indicative of malicious implants.
Distinct from Callstack Navigation: Candidates focus on debugging navigation or GPU profiling; this is security-focused runtime callstack auditing.
MemProcFS is a volatile memory analysis tool and cross-platform memory acquisition system. It functions as a memory forensics virtual file system, mapping physical memory and kernel objects into a virtual directory structure so that users can analyze system artifacts with standard file system tools. The project stands out by providing a virtual file system for memory forensics, allowing physical memory to be browsed and queried as read-only files and folders. It also incorporates a Yara-based memory scanner to identify malware signatures and injected code in physical memory. The engine covers a broad range of forensic capabilities, including process and thread inspection, network connection listing, and Windows registry analysis. It supports ingesting data from live systems, crash dumps, and virtual machines, and provides symbol resolution to translate raw memory addresses into meaningful names. Integration is supported through a multi-language programmatic interface and native library wrappers for C and Java, as well as headless Python scripting for automated workflows.
Analyzes runtime callstacks of user-mode threads to identify function call traces using symbol resolution.
pe-sieve is a set of diagnostic tools for scanning Windows process memory to identify malicious implants, shellcode, and hooks. It functions as an in-memory implant detector, malware unpacker, and process callstack analyzer designed to locate and dump memory patches and injected code from running processes. The project identifies advanced evasion techniques, such as process hollowing and reflective injection, by verifying portable executable structures in memory. It distinguishes itself by analyzing process callstacks to detect anomalies and redirections and by reconstructing executable heade
Analyzes process callstacks to identify anomalies and detect potential malicious activity within a running process.