Keypoints
- DeepProbe automates the analysis of memory dumps from Windows, Linux, and macOS systems.
- It detects stealth techniques such as hidden processes, unlinked DLLs, and hidden drivers.
- It identifies attacker persistence mechanisms such as autostart entries and scheduled tasks.
- Its network analysis recovers command-and-control connections from memory, flags suspicious ports, and geolocates the remote IPs.
- DeepProbe correlates these signals (hidden objects, persistence artifacts, network indicators) to raise detection confidence and maps each finding to MITRE ATT&CK techniques.
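The detection and correlation workflow these keypoints describe, as an added Python example (this is not DeepProbe's code): two views of the process table are diffed to find a process unlinked from the kernel's list, carved network connections are screened for external hosts on uncommon ports, autostart entries are tied to the process they launch, and the per-PID signals are scored and mapped to ATT&CK technique IDs. The process, connection and autostart records are constructed sample data; the common-port set, the internal-network list and the 0.35-per-signal weighting are assumptions chosen for illustration, and geolocation is left out because it needs an external database.

```python
"""Cross-view hidden-process detection plus per-PID signal correlation.

Added illustration, not DeepProbe's code. Every record below is constructed
sample data standing in for what a memory parser would emit after walking the
OS process list, scanning memory for process objects, and carving network and
autostart artifacts. Geolocation is omitted (it needs an external database).
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Process:
    pid: int
    name: str
    image_path: str

@dataclass(frozen=True)
class Connection:
    pid: int
    remote_ip: str
    remote_port: int

@dataclass(frozen=True)
class Autostart:
    source: str        # "run_key" or "scheduled_task"
    image_path: str

# View 1 (constructed): processes reached by walking the kernel's linked process list.
ACTIVE_LIST = [
    Process(4, "System", ""),
    Process(612, "lsass.exe", r"C:\Windows\System32\lsass.exe"),
    Process(2280, "explorer.exe", r"C:\Windows\explorer.exe"),
    Process(3300, "Teams.exe", r"C:\Program Files\Teams\Teams.exe"),
]
# View 2 (constructed): processes found by scanning memory for process objects.
# PID 4120 appears only here: it was unlinked from the list (DKOM-style hiding).
POOL_SCAN = ACTIVE_LIST + [Process(4120, "svchost.exe", r"C:\Users\Public\svchost.exe")]
# Carved connections (constructed; documentation-range IPs stand in for external hosts).
CONNECTIONS = [
    Connection(2280, "203.0.113.8", 443),     # ordinary HTTPS
    Connection(612, "10.0.0.5", 445),         # internal SMB
    Connection(3300, "198.51.100.20", 3478),  # external, uncommon port, nothing else unusual
    Connection(4120, "203.0.113.45", 4444),   # hidden process beaconing on an uncommon port
]
# Carved autostart artifacts (constructed).
AUTOSTARTS = [
    Autostart("run_key", r"C:\Users\Public\svchost.exe"),
    Autostart("scheduled_task", r"C:\Windows\System32\wuauclt.exe"),
]

COMMON_PORTS = {22, 25, 53, 80, 443, 445}  # assumed baseline of expected service ports
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
# ATT&CK technique IDs (real) for each signal type.
TECHNIQUE = {"hidden_process": "T1014", "uncommon_port": "T1571",
             "run_key": "T1547.001", "scheduled_task": "T1053.005"}

def hidden_processes(active, scanned):
    """Cross-view diff: processes the scan finds but the linked list does not."""
    active_pids = {p.pid for p in active}
    return [p for p in scanned if p.pid not in active_pids]

def suspicious_connections(conns):
    """Connections to non-internal hosts on ports outside the common-service set."""
    def internal(ip):
        return any(ip_address(ip) in net for net in INTERNAL_NETS)
    return [c for c in conns if not internal(c.remote_ip) and c.remote_port not in COMMON_PORTS]

def correlate(active, scanned, conns, autostarts):
    """Collect per-PID signals, map each to ATT&CK, and score by corroboration."""
    by_pid = {p.pid: p for p in scanned}
    signals = {}  # pid -> list of (description, technique id)

    def add(pid, desc, kind):
        signals.setdefault(pid, []).append((desc, TECHNIQUE[kind]))

    for p in hidden_processes(active, scanned):
        add(p.pid, f"{p.name} unlinked from the active process list", "hidden_process")
    for c in suspicious_connections(conns):
        add(c.pid, f"connection to {c.remote_ip}:{c.remote_port}", "uncommon_port")
    for a in autostarts:
        # Tie each autostart to a live process by image path; orphan entries stay unattributed.
        for pid, p in by_pid.items():
            if p.image_path.lower() == a.image_path.lower():
                add(pid, f"{a.source} autostart for {a.image_path}", a.source)

    report = []
    for pid, sigs in signals.items():
        # Each independent signal adds weight (assumed 0.35); three corroborating signals saturate.
        confidence = min(1.0, round(0.35 * len(sigs), 2))
        report.append({"pid": pid, "name": by_pid[pid].name if pid in by_pid else "<unknown>",
                       "confidence": confidence,
                       "techniques": sorted({tid for _, tid in sigs}),
                       "signals": [desc for desc, _ in sigs]})
    return sorted(report, key=lambda r: r["confidence"], reverse=True)

if __name__ == "__main__":
    for finding in correlate(ACTIVE_LIST, POOL_SCAN, CONNECTIONS, AUTOSTARTS):
        print(finding)
```

Run stand-alone, the script reports PID 4120 at full confidence with T1014, T1547.001 and T1571, while the Teams process that merely talks to an external host on port 3478 stays at a single-signal score; that gap between an isolated indicator and three corroborating ones is the point of the correlation step, and the same structure extends to DLL and driver cross-view checks by swapping in the relevant object lists.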