Workshop: Forensic Analysis of eBPF based Linux Rootkits
-
Updated
Mar 13, 2024 - C
Workshop: Forensic Analysis of eBPF based Linux Rootkits
Dynamic unpacker based on PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
Add a description, image, and links to the memory-forensics topic page so that developers can more easily learn about it.
To associate your repository with the memory-forensics topic, visit your repo's landing page and select "manage topics."