Memhunter is an endpoint sensor tool specialized in detecting memory-resident malware. The detection process is performed through a combination of endpoint data collection and memory inspection scanners. Memhunter automates the detection of memory resident malware at scale. The tool is a standalone binary that, upon execution, deploys itself as a windows service. Once running as a service, memhunter starts the collection of ETW events that might indicate code injection attacks. The live stream of collected data events is feed into memory inspection scanners that use detection heuristics to down select the potential attacks to the one that represents actual fileless threats. The entire detection process does not require human intervention, neither memory dumps, and it can be performed by the tool itself, at scale, improving the threat hunting analysis process and remediation times.