
Identify possibly vulnerable PE files (.sys)

Primary language: C. License: MIT.

Suspector

Identifies drivers potentially vulnerable to Physical Memory access attacks.

Running:

  • suspector.exe
  • python runner.py <in_dir> <vuln_dir>

Limitations:

  • Only supports PE32+ files.
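
A pre-check for this limitation, added here as an example and not part of the Suspector code: it reads the PE headers and reports whether a `.sys` file is PE32+ (optional-header magic 0x20B), so unsupported files in the input directory can be set aside before a run. The function names and the sample header bytes are constructed for illustration.

```python
import struct
import sys
from pathlib import Path

PE32_MAGIC = 0x10B      # optional-header magic for 32-bit images
PE32PLUS_MAGIC = 0x20B  # optional-header magic for PE32+ (64-bit) images

def classify_pe(data: bytes) -> str:
    """Return 'PE32+', 'PE32' or 'not-PE' for the raw bytes of a file."""
    # DOS header: 'MZ' signature, e_lfanew (offset of the PE header) at 0x3C.
    if len(data) < 0x40 or data[:2] != b"MZ":
        return "not-PE"
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # Need the PE signature (4), COFF header (20) and optional-header magic (2).
    if e_lfanew + 26 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return "not-PE"
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)  # SizeOfOptionalHeader
    if opt_size < 2:
        return "not-PE"  # object file or truncated image: no optional header
    (magic,) = struct.unpack_from("<H", data, e_lfanew + 24)
    return {PE32_MAGIC: "PE32", PE32PLUS_MAGIC: "PE32+"}.get(magic, "not-PE")

def partition_dir(in_dir):
    """Split the .sys files in in_dir into (supported, skipped) name lists."""
    supported, skipped = [], []
    for path in sorted(Path(in_dir).glob("*.sys")):
        # The magic sits in the headers, so the first 4 KiB is normally enough.
        with open(path, "rb") as fh:
            kind = classify_pe(fh.read(4096))
        (supported if kind == "PE32+" else skipped).append(path.name)
    return supported, skipped

def make_sample(magic: int) -> bytes:
    """Constructed header-only image for testing; not a loadable driver."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # PE header directly after DOS header
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 240, 0)
    return bytes(dos) + b"PE\0\0" + coff + struct.pack("<H", magic)

if __name__ == "__main__":
    ok, skipped = partition_dir(sys.argv[1])
    print("PE32+:", ok)
    print("not supported:", skipped)
```
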

Supports:

  • Windows

Credits: