YAEDR
Yet another FOSS endpoint detection and response system.
Windows client todo
- Client
  - Installer for the client (research more on this)
  - Static file scanner
    - File scanner using YARA
    - Research more on this topic
  - Driver
    - Research communication types between user mode and kernel mode
    - Driver mapper (manually map the driver into the kernel instead of going through the normal Windows loader)
    - Normal driver loader (currently pasted-in code; rewrite it properly later)
  - Networking
    - Server-client communication in JSON (add a JSON parser)
    - Auth with the server, sending all the PC info (IP address, hardware, Windows version, etc.)
    - Fetch the latest driver binary over the websocket (verify its hash/signature before loading it)
    - Send reports on suspicious activity to the server
  - Client self-protection
    - Detect tampering attempts
    - Detect hooking attempts
    - Detect debugging attempts
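The "server-client communication in JSON" and "send reports" items are where data taken from the endpoint first reaches the wire. The following is an added example, not YAEDR's own code: a report serializer in C whose field names (`type`, `pid`, `ppid`, `image`, `rule`) and function name `yaedr_report_json` are assumptions. Its point is the escaping step a hand-rolled JSON writer must not skip: a process image path containing quotes, backslashes or control characters must not be able to change the object the server parses.

```c
/*
 * Added example, not YAEDR code: serialize one client -> server report as
 * JSON. Field names are assumptions. Everything the endpoint supplies
 * (image path, rule text) is untrusted and must be escaped, otherwise a
 * process whose path contains  ","severity":"low  rewrites the object the
 * server parses.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Append s to out as a quoted, JSON-escaped string starting at *pos.
 * Returns 0 and advances *pos, or -1 if out (capacity cap) is too small. */
static int json_put_string(char *out, size_t cap, size_t *pos, const char *s)
{
    static const char hex[] = "0123456789abcdef";
    size_t i = *pos;
    char u[7];

    if (i + 1 >= cap) return -1;
    out[i++] = '"';
    for (; *s; s++) {
        unsigned char c = (unsigned char)*s;
        const char *esc = NULL;
        switch (c) {
        case '"':  esc = "\\\""; break;
        case '\\': esc = "\\\\"; break;
        case '\n': esc = "\\n";  break;
        case '\r': esc = "\\r";  break;
        case '\t': esc = "\\t";  break;
        default:
            if (c < 0x20) {              /* remaining control chars -> \u00XX */
                snprintf(u, sizeof u, "\\u00%c%c", hex[c >> 4], hex[c & 15]);
                esc = u;
            }
            break;
        }
        size_t n = esc ? strlen(esc) : 1;
        if (i + n >= cap) return -1;
        if (esc) memcpy(out + i, esc, n); else out[i] = (char)c;
        i += n;
    }
    if (i + 1 >= cap) return -1;
    out[i++] = '"';
    out[i] = '\0';
    *pos = i;
    return 0;
}

/* Returns the length of the JSON text written to out, or -1 on truncation. */
int yaedr_report_json(char *out, size_t cap, uint32_t pid, uint32_t ppid,
                      const char *image_path, const char *rule)
{
    size_t pos;
    int n = snprintf(out, cap,
                     "{\"type\":\"report\",\"pid\":%u,\"ppid\":%u,\"image\":",
                     (unsigned)pid, (unsigned)ppid);
    if (n < 0 || (size_t)n >= cap) return -1;
    pos = (size_t)n;
    if (json_put_string(out, cap, &pos, image_path) < 0) return -1;
    n = snprintf(out + pos, cap - pos, ",\"rule\":");
    if (n < 0 || (size_t)n >= cap - pos) return -1;
    pos += (size_t)n;
    if (json_put_string(out, cap, &pos, rule) < 0) return -1;
    n = snprintf(out + pos, cap - pos, "}");
    if (n < 0 || (size_t)n >= cap - pos) return -1;
    return (int)(pos + (size_t)n);
}

int main(void)
{
    char buf[512];
    /* constructed sample: an image path that tries to break out of the string */
    int len = yaedr_report_json(buf, sizeof buf, 4242, 1,
                                "C:\\Temp\\a\",\"severity\":\"low",
                                "remote thread created in another process");
    if (len > 0) puts(buf);
    return len > 0 ? 0 : 1;
}
```

The serializer refuses to emit a truncated object (it returns -1 rather than a partial buffer), since a cut-off report is itself a malformed message the server would otherwise have to guess about.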
Administrator client todo
- Admin client
  - Networking
    - Server-client communication in JSON (add a JSON parser)
    - Auth with the server (IP address, username, password)
    - Request the server to send any reports
  - Terminal-based controls (terminal mode)
    - Login page
    - Connected clients page
    - Threats page
  - GUI (GUI mode)
    - Cross-compilation
    - Figure out how to do the rendering
    - Networking
Windows kernel driver todo
- Kernel driver for the client
  - Windows version compatibility
  - User mode
    - Report suspicious processes in a struct
    - Research communication types between user mode and kernel mode
  - Process activity logging
    - Process creation logging
    - Process termination logging
    - Process access logging
    - Image/library load logging
    - Remote thread creation logging
    - Process tampering activity logging
    - Process call stack logging
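For the "report suspicious processes in a struct" and user mode / kernel mode communication items above, here is an added example that is not the project's code: one shared event record covering the event types in the logging list, plus the validation the receiving side performs before it trusts a single field. The magic value, version, field names and the `yaedr_` function names are assumptions. It is written as hosted C so it compiles anywhere; in the driver the same checks run in the IOCTL dispatch on the buffer the I/O manager has already copied out of user mode, where a forged length is a kernel crash or a memory disclosure rather than a bad log line.

```c
/*
 * Added example, not YAEDR code: the record exchanged between the driver and
 * the user-mode client, and the checks made before any field is used. Field
 * names, magic and version are assumptions.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define YAEDR_MAGIC    0x52444559u   /* "YEDR", assumed */
#define YAEDR_VERSION  1u
#define YAEDR_PATH_MAX 260

enum yaedr_event_type {              /* mirrors the driver's logging list */
    YAEDR_EV_PROCESS_CREATE = 1,
    YAEDR_EV_PROCESS_TERMINATE,
    YAEDR_EV_PROCESS_ACCESS,
    YAEDR_EV_IMAGE_LOAD,
    YAEDR_EV_REMOTE_THREAD,
    YAEDR_EV_PROCESS_TAMPER,
    YAEDR_EV_MAX
};

/* Fixed-width, packed layout so a 32-bit client and a 64-bit driver agree
 * on every offset. */
#pragma pack(push, 1)
struct yaedr_event {
    uint32_t magic;
    uint16_t version;
    uint16_t type;                   /* enum yaedr_event_type */
    uint64_t timestamp_100ns;        /* FILETIME-style timestamp */
    uint32_t pid;
    uint32_t target_pid;             /* process accessed / injected into; 0 if none */
    uint32_t path_len;               /* bytes used in path, excluding the NUL */
    char     path[YAEDR_PATH_MAX];
};
#pragma pack(pop)

enum yaedr_status {
    YAEDR_OK = 0,
    YAEDR_ERR_SHORT,      /* buffer smaller than the struct */
    YAEDR_ERR_MAGIC,
    YAEDR_ERR_VERSION,
    YAEDR_ERR_TYPE,
    YAEDR_ERR_PATH_LEN,   /* path_len out of range, or string not NUL-terminated there */
    YAEDR_ERR_TARGET      /* target_pid set on an event type that has no target */
};

/* Validate a buffer claimed to hold a yaedr_event. Operates on a copy: in the
 * driver, never on the raw user-mode pointer. */
enum yaedr_status yaedr_event_validate(const void *buf, size_t len)
{
    const struct yaedr_event *ev = buf;
    if (buf == NULL || len < sizeof *ev)           return YAEDR_ERR_SHORT;
    if (ev->magic != YAEDR_MAGIC)                  return YAEDR_ERR_MAGIC;
    if (ev->version != YAEDR_VERSION)              return YAEDR_ERR_VERSION;
    if (ev->type == 0 || ev->type >= YAEDR_EV_MAX) return YAEDR_ERR_TYPE;
    /* path_len comes from the other side: bound it BEFORE indexing with it */
    if (ev->path_len >= YAEDR_PATH_MAX)            return YAEDR_ERR_PATH_LEN;
    if (ev->path[ev->path_len] != '\0')            return YAEDR_ERR_PATH_LEN;
    if (strlen(ev->path) != ev->path_len)          return YAEDR_ERR_PATH_LEN;
    int has_target = ev->type == YAEDR_EV_PROCESS_ACCESS ||
                     ev->type == YAEDR_EV_REMOTE_THREAD;
    if (!has_target && ev->target_pid != 0)        return YAEDR_ERR_TARGET;
    return YAEDR_OK;
}

/* Build a well-formed event. Returns 0, or -1 if the path does not fit. */
int yaedr_event_init(struct yaedr_event *ev, uint16_t type, uint32_t pid,
                     uint32_t target_pid, uint64_t ts, const char *path)
{
    size_t n = strlen(path);
    if (n >= YAEDR_PATH_MAX) return -1;
    memset(ev, 0, sizeof *ev);
    ev->magic = YAEDR_MAGIC; ev->version = YAEDR_VERSION; ev->type = type;
    ev->timestamp_100ns = ts; ev->pid = pid; ev->target_pid = target_pid;
    ev->path_len = (uint32_t)n;
    memcpy(ev->path, path, n);
    return 0;
}

int main(void)
{
    struct yaedr_event ev;
    /* constructed sample: a remote thread created in pid 700 */
    if (yaedr_event_init(&ev, YAEDR_EV_REMOTE_THREAD, 4242, 700, 0,
                         "C:\\Windows\\System32\\notepad.exe") != 0)
        return 1;
    printf("valid event:     %d\n", yaedr_event_validate(&ev, sizeof ev));
    ev.path_len = YAEDR_PATH_MAX;        /* forged: would index past the array */
    printf("forged path_len: %d\n", yaedr_event_validate(&ev, sizeof ev));
    return 0;
}
```

The order of checks matters: size first, then the fields that decide how the rest is interpreted (magic, version, type), and only then any field used as an index. Rejecting a `target_pid` on event types that have none is cheap and catches a confused or hostile sender early.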
Server todo
- Server
  - Config
    - Server information and other settings
    - Cross-compilation between Linux and Windows
  - Databases
    - Create admin account (store the account in the database)
    - MySQL/MariaDB client
    - PostgreSQL
    - Filesystem DB
      - SQLite
      - LMDB
    - Storing all the payloads/suspicious files (configurable)
  - Networking
    - Server-client communication in JSON (add a JSON parser)
    - Client
      - Auth with the endpoint client (log and store all the info it provides; some kind of session system; expand this idea)
      - Handle all the reports sent from all the clients (database)
      - Deploy driver binaries via websocket after auth
    - Admin client
      - Auth with the admin client (log and store all the info it provides; some kind of session system; expand this idea)
      - Send reports and everything else on request
  - Compiling
    - Get the latest driver source, compile it and store it
    - Config