Update:
Our velociraptor plugin `Windows.Memory.Mem2Disk` can detect RAM injections and fileless malware.
We tested it against (among others) the C2 frameworks Sliver, Havoc and Mythic. All three were detected.
It was recently featured in a blog post by Mike Cohen:
https://docs.velociraptor.app/blog/2025/2025-11-15-memory-analysis-pt1
Stay tuned for memory analysis with velo part 2!
#C2 #detection #memoryforensics #velociraptor #DFIR #cybersecurity #infosec #pwr2
