- Detect threads in alertable wait states (prime APC targets)
- Monitor suspicious thread start addresses
- NtQueryInformationThread integration for APC queue inspection
- Module base resolution for thread address validation
- Cross-platform stubs for Linux/macOS

Detects MITRE ATT&CK T1055.004 (Asynchronous Procedure Call).

Generated with [Claude Code](https://claude.com/claude-code)
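
An added example, not code from this commit or its project: a sketch of how the start-address validation and alertable-wait checks listed above can be combined, run over constructed thread and module records. The names `Module`, `ThreadInfo`, `resolve_module` and `triage`, and all sample values, are assumptions.

```python
from bisect import bisect_right
from dataclasses import dataclass

@dataclass(frozen=True)
class Module:
    name: str
    base: int
    size: int

@dataclass(frozen=True)
class ThreadInfo:
    tid: int
    start_address: int
    alertable_wait: bool  # assumed to be derived already from the thread's wait state

def resolve_module(modules, address):
    """Return the module whose [base, base + size) range holds address, else None."""
    ordered = sorted(modules, key=lambda m: m.base)
    idx = bisect_right([m.base for m in ordered], address) - 1
    if idx >= 0 and address < ordered[idx].base + ordered[idx].size:
        return ordered[idx]
    return None

def triage(threads, modules):
    """Return (tid, module name or None, reasons) for every thread."""
    findings = []
    for t in threads:
        mod = resolve_module(modules, t.start_address)
        reasons = []
        if mod is None:
            reasons.append("start address outside every loaded module")
        if t.alertable_wait:
            # Common in benign threads too; higher signal when combined
            # with an unbacked start address.
            reasons.append("alertable wait (queued APCs can be delivered)")
        findings.append((t.tid, mod.name if mod else None, reasons))
    return findings

# Constructed sample data, not taken from a real process.
MODULES = [
    Module("app.exe", 0x7FF6_0000_0000, 0x20000),
    Module("ntdll.dll", 0x7FFB_1000_0000, 0x1F0000),
]
THREADS = [
    ThreadInfo(100, 0x7FF6_0000_1500, False),       # backed, not alertable
    ThreadInfo(104, 0x7FFB_1005_2000, True),        # backed, alertable
    ThreadInfo(108, 0x0000_01A2_0000_0000, True),   # unbacked and alertable
]
```

Calling `triage(THREADS, MODULES)` returns one tuple per thread; a thread carrying both reasons is the one to look at first.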