Memhunter is an endpoint sensor tool specialized in detecting memory-resident malware. The detection process is performed through a combination of endpoint data collection and memory inspection scanners. Memhunter automates the detection of memory resident malware at scale. The tool is a standalone binary that, upon execution, deploys itself as a windows service. Once running as a service, memhunter starts the collection of ETW events that might indicate code injection attacks. The live stream …