- Added thread context inspection (RIP/EIP register analysis)
- Detect threads executing from RWX memory regions
- Detect threads in unbacked/private memory
- Thread start address vs current IP divergence detection
- Suspended thread analysis
- Support for both x86 and x64 architectures
- Cross-platform stubs for Linux/macOS

Detects MITRE ATT&CK T1055.003 (Thread Execution Hijacking).

Generated with [Claude Code](https://claude.com/claude-code)