
Module pam_hooks


PAM library hook detection.

Detects processes that have loaded a PAM-related shared library (`libpam*.so`) from a path outside the standard system library directories, which is a strong indicator of credential theft (MITRE ATT&CK T1556.003).

Re-exports

pub use crate::heuristics::classify_pam_hook;

Structs

PamHookInfo
Information about a suspicious PAM library loaded by a process.

Functions

walk_pam_hooks
Walk all process VMAs and report PAM libraries loaded from non-system paths.
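
The check described in the module summary, sketched as an added example (not this crate's code or API): it reads `/proc/<pid>/maps`-style text and reports `libpam*.so` mappings that fall outside a list of system library directories. The function names, the directory list, the use of `/proc/<pid>/maps` as the VMA source and the sample content are all assumptions made for illustration.

```rust
// Added example; every name below is hypothetical, not the crate's API.
// Assumption: trusted library directories (adjust per distribution).
const SYSTEM_LIB_DIRS: &[&str] = &["/lib/", "/lib64/", "/usr/lib/", "/usr/lib64/"];

/// Pathname column of one /proc/<pid>/maps line, if the mapping is file-backed.
fn mapped_path(line: &str) -> Option<&str> {
    // Skip the five fixed fields: address, perms, offset, dev, inode.
    let mut rest = line;
    for _ in 0..5 {
        rest = rest.trim_start();
        rest = &rest[rest.find(char::is_whitespace)?..];
    }
    // The kernel appends " (deleted)" when the backing file was unlinked.
    let path = rest.trim();
    let path = path.strip_suffix(" (deleted)").unwrap_or(path);
    path.starts_with('/').then_some(path)
}

/// True for file names of the form libpam*.so or libpam*.so.N.
fn is_pam_library(path: &str) -> bool {
    let name = path.rsplit('/').next().unwrap_or(path);
    name.starts_with("libpam") && (name.ends_with(".so") || name.contains(".so."))
}

/// PAM library paths mapped from outside SYSTEM_LIB_DIRS, de-duplicated.
pub fn suspicious_pam_mappings(maps: &str) -> Vec<String> {
    let mut hits: Vec<String> = Vec::new();
    for path in maps.lines().filter_map(mapped_path) {
        let trusted = SYSTEM_LIB_DIRS.iter().any(|d| path.starts_with(d));
        if is_pam_library(path) && !trusted && !hits.iter().any(|h| h == path) {
            hits.push(path.to_string());
        }
    }
    hits
}

// Constructed sample of /proc/<pid>/maps content, not taken from a real host.
pub const SAMPLE_MAPS: &str = "\
55d0c0a00000-55d0c0a2c000 r-xp 00000000 08:01 131090 /usr/sbin/sshd
7f1a2c000000-7f1a2c00e000 r-xp 00000000 08:01 262200 /usr/lib/x86_64-linux-gnu/libpam.so.0.85.1
7f1a2c400000-7f1a2c403000 r-xp 00000000 08:01 917600 /tmp/.cache/libpam.so.0
7f1a2c403000-7f1a2c404000 rw-p 00003000 08:01 917600 /tmp/.cache/libpam.so.0
7f1a2c800000-7f1a2c802000 r-xp 00000000 00:2b 4711 /dev/shm/libpam_misc.so (deleted)
7ffd4a1e0000-7ffd4a201000 rw-p 00000000 00:00 0 [stack]
";

fn main() {
    for p in suspicious_pam_mappings(SAMPLE_MAPS) {
        println!("PAM library outside system paths: {p}");
    }
}
```

The prefix test only makes sense on paths the kernel has already resolved, as in `/proc/<pid>/maps`; a mapping whose backing file was unlinked is still reported under its original path.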