Command-and-control (C2) frameworks running solely in memory can evade standard AV and EDR solutions. This talk demonstrates how Threatray detects these stealthy C2 tools and enhances threat investigations. We’ll showcase Threatray’s memory-based analysis, revealing how it identifies malicious code, detects payload modifications, and streamlines responses. Attendees will learn how these capabilities bridge the gap between initial detection and deeper analysis, helping teams respond more effectively to emerging threats.