admin/ghost
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
30614fe77ef53772637846265380eff6bece4094
ghost/README.md
Adir Shitrit 55a8a90ce9 initial project structure
2025-11-07 18:01:19 +02:00

1.1 KiB
Raw Blame History

Ghost

Cross-platform process injection detection framework.

Overview

Ghost is a real-time detection system for identifying process injection techniques across Windows, Linux, and macOS platforms. It combines kernel-level monitoring with behavioral analysis to detect advanced injection methods.

Architecture

  • ghost-core: Core detection engine and platform abstraction
  • ghost-drivers: Platform-specific kernel components
  • ghost-tui: Terminal user interface
  • ghost-lib: Shared libraries and utilities
  • ghost-rules: Detection rules and signatures

Supported Techniques

Windows

  • Classic DLL injection (CreateRemoteThread)
  • APC injection (NtQueueApcThread)
  • Process hollowing
  • Thread hijacking
  • SetWindowsHookEx injection
  • Reflective DLL injection

Linux

  • ptrace injection
  • LD_PRELOAD manipulation
  • process_vm_writev injection
  • Shared memory injection

macOS

  • DYLD_INSERT_LIBRARIES
  • task_for_pid injection
  • Mach port manipulation

Building

cargo build --release

Status

Early development. Windows support in progress.

Reference in New Issue View Git Blame Copy Permalink