Aether

Aether is a memory forensics and threat hunting tool written in Zig, with outstanding features to assist analysts in their tasks.

Current: v0.8 (Active)

Development Progress

40% complete

Upcoming & In Progress

  • Process module enumeration and detection (In Progress, v1.0)

    I am working on a feature to enumerate a process's loaded modules and build detection logic for the loaded modules.

  • Signature rules (In Progress, v0.9)

    Fix detection rule syntax and categories.

Roadmap

In Progress (2)

  • Process module enumeration and detection (Medium, v1.0)

    I am working on a feature to enumerate a process's loaded modules and build detection logic for the loaded modules.

  • Signature rules (Medium, v0.9)

    Fix detection rule syntax and categories.

Completed (2)

  • API hashing with runtime resolution (High, v0.9)

    For each region, scan for sequences of 8-byte values (on x64) that resolve to addresses within loaded module code sections.

    Completed: June 8, 2026
  • Read memory region (Medium, v0.9)

    Read a memory region as hex/ASCII without dumping it to a file.

    Completed: June 5, 2026
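
The region scan described under "API hashing with runtime resolution", as an added example that is not Aether's own code (C here, not the tool's Zig): it walks a region in aligned 8-byte steps and reports runs of consecutive values that land inside a loaded module's code range. The `code_range` type, the run threshold of 3, and the module ranges and region contents are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* [start, end) of one loaded module's executable section (hypothetical type). */
typedef struct { const char *name; uint64_t start, end; } code_range;
typedef struct { size_t offset, count; } ptr_run;

static int in_code(uint64_t v, const code_range *m, size_t n) {
    for (size_t i = 0; i < n; i++) if (v >= m[i].start && v < m[i].end) return 1;
    return 0;
}

/* Record runs of >= min_run consecutive aligned qwords that point into module code. */
size_t find_pointer_runs(const uint8_t *buf, size_t len, const code_range *mods,
                         size_t nmods, size_t min_run, ptr_run *out, size_t max_out) {
    size_t found = 0, run = 0, nq = len / 8;
    for (size_t i = 0; i <= nq; i++) {          /* i == nq flushes a trailing run */
        uint64_t v = 0;
        if (i < nq) memcpy(&v, buf + i * 8, 8); /* assumes host byte order == dump's */
        if (i < nq && in_code(v, mods, nmods)) { run++; continue; }
        if (run >= min_run && found < max_out)
            out[found++] = (ptr_run){ (i - run) * 8, run };
        run = 0;
    }
    return found;
}
/* Constructed sample: module ranges and region contents are made up. */
static const code_range SAMPLE_MODS[] = {
    { "moduleA.dll", 0x00007FFA10001000ULL, 0x00007FFA10090000ULL },
    { "moduleB.dll", 0x00007FFA20001000ULL, 0x00007FFA20040000ULL },
};
static const uint64_t SAMPLE_REGION[] = {
    0x0, 0x4141414141414141ULL, 0x1000, 0x00007FFA10000FFFULL, /* data, near miss */
    0x00007FFA10012340ULL, 0x00007FFA2000ABCDULL, 0x00007FFA1008FFF8ULL, /* table */
    0xDEADBEEFULL, 0x00007FFA20001000ULL,       /* lone pointer: below threshold */
};
ptr_run SAMPLE_OUT[4];
size_t scan_sample(void) {
    return find_pointer_runs((const uint8_t *)SAMPLE_REGION, sizeof SAMPLE_REGION,
                             SAMPLE_MODS, 2, 3, SAMPLE_OUT, 4);
}
int main(void) {
    for (size_t i = 0, n = scan_sample(); i < n; i++)
        printf("offset 0x%zx: %zu code pointers\n", SAMPLE_OUT[i].offset, SAMPLE_OUT[i].count);
    return 0;
}
```

The run threshold is what keeps a single stray return address or vtable pointer from being reported; a lower value trades more hits for more noise.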
