YAEDR

Yet another FOSS endpoint detection and response system.

Windows client todo

  • Client
    • Installer for the client (research more on this)
    • Static file scanner
      • File scanner using yara
      • Research more on this topic
    • Driver
      • Research communication types between usermode and kernel mode
      • Driver mapper (fuck you windows)
      • Driver normal loader (rewrite nonpasting later xD)
    • Networking
      • Server-client communication in JSON (add a JSON parser)
      • Auth with server using all the PC info (IP address, hardware, Windows version, etc.)
      • Get the latest driver binary from the websocket
      • Sending report on suspicious activity to the server
    • Client security (trollface)
      • Detect tampering attempts
      • Detect hooking attempts
      • Detect debugging attempts

Administrator client todo

  • Admin client
    • Networking
      • Server-client communication in JSON (add a JSON parser)
      • Auth with server (IP address, username, password)
      • Request server to send any reports.
    • Terminal based controls (terminal mode)
      • Login page
      • Connected clients page
      • Threats page
    • GUI (gui mode)
      • Cross-compilation
      • Figure out how to do render stuff xD

Windows kernel driver todo

  • Kernel Driver for client
    • Windows version compatibility
    • Usermode
      • Report suspicious processes in a struct
      • Research communication types between usermode and kernel mode
    • Process Activity logging
      • Process creation logging
      • Process termination logging
      • Process access logging
      • Image/Library loaded logging
      • Remote Thread Creation logging
      • Process Tampering Activity logging
      • Process Call Stacks logging

Server todo

  • Server
    • Config
      • Set server information, etc.
    • Cross-compilation between Linux and Windows
    • Databases
      • Create admin account (store account to the database)
      • MySQL/MariaDB client
      • PostgreSQL
      • Filesystem DB
      • SQLite
      • LMDB
      • Storing all the payloads/suspicious files (configurable)
    • Networking
      • Server-client communication in JSON (add a JSON parser)
      • Client
        • Auth with target client (logging all the info provided and storing it somewhere, some kind of session system, expand this idea)
        • Handling all the reports sent from all the clients (database)
        • Deploying driver binaries via websocket after auth.
      • Admin Client
        • Auth with admin client (logging all the info provided and storing it somewhere, some kind of session system, expand this idea)
        • Sending reports and all other stuff on request.
    • Compiling
      • Getting the latest driver source, compiling it and storing it