The most comprehensive in-memory hunting tool ever.
memSniper use cases:
This groundbreaking tool creates high resolution snapshots of a running process. These snapshots are ideal for forensics analysis, and malware analysis of running programs in Linux. The libecfsreader API can be used to rapidly design advanced malware analysis solutions for automated detection of threats within a process.
Other use-cases are detection of exploitation attempts, such as detecting a ROP chain on the stack when a program crashes, indicating an exploitation attempt by an attacker.
memSniper is crucial in verifying the integrity of running programs, by making sure that the programs that are running on the system are executing only the code that SHOULD be executing. For example, memSniper quickly detects memory-injected shared library redirection, PLT/GOT hooks, and many other types of anomalies that indicate infected processes.