Module systemd_units 

In-memory systemd unit analysis.

Scans the systemd (PID 1) process VMAs for unit file content patterns (.service, .timer strings and associated ExecStart= commands) to detect malicious persistence (MITRE ATT&CK T1543.002).

Structs

SystemdUnitInfo

Information about a systemd unit found in memory.

Functions

classify_systemd_unit

Classify whether a systemd unit is suspicious.

walk_systemd_units

Walk the systemd process VMAs and extract unit information from memory strings.