# YAEDR

Yet another FOSS endpoint detection and response system.

## Windows client todo

- [ ] Client
  - [ ] Installer for the client (research more on this)
  - [ ] Static file scanner
    - [ ] File scanner using YARA
      - Research more on this topic
  - [ ] Driver
    - Research communication types between usermode and kernel mode
    - [ ] Driver mapper (fuck you windows)
    - [x] Driver normal loader (rewrite without copy-pasting later xD)
  - [ ] Networking
    - [ ] Server-client communication in JSON (add a JSON parser)
    - [ ] Auth with server, sending all the PC info (IP address, hardware, Windows version, etc.); PC info identifies the host but does not authenticate it, so pair it with a per-host enrollment secret
    - [ ] Get the latest driver binary from the websocket; verify its signature before loading it, since an unverified driver pushed over this channel is arbitrary kernel code execution
    - [ ] Send reports on suspicious activity to the server
  - [ ] Client security (trollface)
    - [ ] Detect tampering attempts
    - [ ] Detect hooking attempts
    - [ ] Detect debugging attempts
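
One way to start on the "detect hooking attempts" item, as an added example that is not YAEDR code: check a function's entry bytes for the trampolines that x86-64 user-mode hooking frameworks write over it, and keep a snapshot of the entry bytes taken at startup to catch a patch applied later. The pattern list, the 16-byte window and the sample byte strings are assumptions constructed for the example, not captured from a real binary.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define PROLOGUE_LEN 16

/* Returns 1 if the bytes at `code` start with one of the trampolines that
 * x86-64 user-mode hooking frameworks typically write over a function entry:
 *   E9 rel32                  jmp rel32
 *   FF 25 disp32              jmp qword ptr [rip+disp32]
 *   48 B8 imm64 FF E0         mov rax, imm64 ; jmp rax
 *   68 imm32 C3               push imm32 ; ret
 *   CC                        int3 left by a debugger
 * A clean prologue (push rbp / endbr64 / sub rsp, ...) matches none of these. */
static int looks_like_trampoline(const uint8_t *code, size_t len)
{
    if (len < 1) return 0;
    if (code[0] == 0xCC) return 1;
    if (len >= 5 && code[0] == 0xE9) return 1;
    if (len >= 6 && code[0] == 0xFF && code[1] == 0x25) return 1;
    if (len >= 12 && code[0] == 0x48 && code[1] == 0xB8 &&
        code[10] == 0xFF && code[11] == 0xE0) return 1;
    if (len >= 6 && code[0] == 0x68 && code[5] == 0xC3) return 1;
    return 0;
}

/* Snapshot of a function's entry bytes, taken when the client starts.
 * Caveat: a hook installed before the snapshot is invisible to the compare;
 * the pattern check above, or a compare against the on-disk image, covers
 * that case. */
typedef struct {
    const uint8_t *addr;
    uint8_t saved[PROLOGUE_LEN];
} prologue_snapshot;

static void snapshot_prologue(prologue_snapshot *s, const void *fn)
{
    s->addr = (const uint8_t *)fn;
    memcpy(s->saved, fn, PROLOGUE_LEN);
}

/* 1 if the entry bytes changed since the snapshot (patched at run time). */
static int prologue_modified(const prologue_snapshot *s)
{
    return memcmp(s->saved, s->addr, PROLOGUE_LEN) != 0;
}

/* Constructed sample entry bytes (assumed, not captured from a real binary). */
static const uint8_t SAMPLE_CLEAN[]   = {0x55, 0x48, 0x89, 0xE5, 0x48, 0x83, 0xEC, 0x20};
static const uint8_t SAMPLE_ENDBR[]   = {0xF3, 0x0F, 0x1E, 0xFA, 0x55, 0x48, 0x89, 0xE5};
static const uint8_t SAMPLE_JMPREL[]  = {0xE9, 0x10, 0x20, 0x30, 0x40, 0x90};
static const uint8_t SAMPLE_JMPRIP[]  = {0xFF, 0x25, 0x00, 0x00, 0x00, 0x00};
static const uint8_t SAMPLE_MOVJMP[]  = {0x48, 0xB8, 1, 2, 3, 4, 5, 6, 7, 8, 0xFF, 0xE0};
static const uint8_t SAMPLE_PUSHRET[] = {0x68, 0x00, 0x10, 0x00, 0x00, 0xC3};

/* Self-check against this process: snapshot a live function, then compare. */
static int self_check_unmodified(void)
{
    prologue_snapshot s;
    snapshot_prologue(&s, (const void *)(uintptr_t)looks_like_trampoline);
    return prologue_modified(&s) == 0;
}

/* Demonstration on a writable copy, since patching real text needs W^X games:
 * snapshot a clean prologue, overwrite it with jmp rel32, detect both ways. */
static int demo_patch_detected(void)
{
    uint8_t code[PROLOGUE_LEN];
    prologue_snapshot s;
    memcpy(code, SAMPLE_CLEAN, sizeof SAMPLE_CLEAN);
    memset(code + sizeof SAMPLE_CLEAN, 0x90, PROLOGUE_LEN - sizeof SAMPLE_CLEAN);
    snapshot_prologue(&s, code);
    memcpy(code, SAMPLE_JMPREL, 5);            /* attacker writes the hook */
    return prologue_modified(&s) && looks_like_trampoline(code, PROLOGUE_LEN);
}

int main(void)
{
    printf("clean prologue flagged: %d\n", looks_like_trampoline(SAMPLE_CLEAN, sizeof SAMPLE_CLEAN));
    printf("jmp rel32 flagged:      %d\n", looks_like_trampoline(SAMPLE_JMPREL, sizeof SAMPLE_JMPREL));
    printf("self check unmodified:  %d\n", self_check_unmodified());
    printf("simulated patch caught: %d\n", demo_patch_detected());
    return 0;
}
```

The pattern check is cheap enough to run on every hot API the client depends on (the functions it uses to talk to the driver and the server are the ones an attacker will hook first); the snapshot compare catches patches the pattern list does not know about.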
## Administrator client todo

- [ ] Admin client
  - [ ] Networking
    - [ ] Server-client communication in JSON (add a JSON parser)
    - [ ] Auth with server (IP address, username, password)
    - [ ] Request server to send any reports
  - [ ] Terminal-based controls (terminal mode)
    - [ ] Login page
    - [ ] Connected clients page
    - [ ] Threats page
  - [ ] GUI (GUI mode)
    - [ ] Cross-compilation
    - Figure out how to do the rendering xD
## Windows kernel driver todo

- [ ] Kernel driver for client
  - [ ] Windows version compatibility
  - [ ] Usermode
    - [ ] Report suspicious processes in a struct (fixed layout, no pointers, explicit sizes, so kernel and user mode read the same bytes identically)
      - Research communication types between usermode and kernel mode
  - [ ] Process activity logging
    - [ ] Process creation logging
    - [ ] Process termination logging
    - [ ] Process access logging
    - [ ] Image/library load logging
    - [ ] Remote thread creation logging
    - [ ] Process tampering activity logging
    - [ ] Process call stack logging
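
A sketch of the "report suspicious processes in a struct" item and the user-mode side of the kernel/user channel, added here as an example and not YAEDR's own code: a packed, pointer-free event record that the driver serializes and the client validates field by field before trusting it. The magic value, version, event types, field set, `YAEDR_PATH_MAX` and the sample record in `main` are all assumptions made for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define YAEDR_EVT_MAGIC   0x52444559u   /* assumed: "YEDR" as little-endian u32 */
#define YAEDR_EVT_VERSION 1
#define YAEDR_PATH_MAX    260           /* assumed cap on image path bytes */

enum yaedr_evt_type {
    YAEDR_EVT_PROCESS_CREATE = 1,
    YAEDR_EVT_PROCESS_EXIT   = 2,
    YAEDR_EVT_PROCESS_ACCESS = 3,
    YAEDR_EVT_IMAGE_LOAD     = 4,
    YAEDR_EVT_REMOTE_THREAD  = 5,
    YAEDR_EVT_TYPE_MAX       = 5
};

/* Fixed, packed layout: no pointers, explicit widths, a length field for the
 * variable part, so kernel and user mode read the same bytes identically. */
#pragma pack(push, 1)
struct yaedr_event {
    uint32_t magic;
    uint16_t version;
    uint16_t type;        /* enum yaedr_evt_type */
    uint32_t size;        /* total record size in bytes, header + path */
    uint64_t timestamp;   /* assumed FILETIME-style tick count */
    uint32_t pid;
    uint32_t parent_pid;
    uint32_t target_pid;  /* access / remote-thread events; 0 otherwise */
    uint16_t path_len;    /* bytes of image path that follow the header */
    uint16_t reserved;
    /* followed by path_len bytes of image path (assumed UTF-8, no NUL) */
};
#pragma pack(pop)

enum yaedr_parse_result {
    YAEDR_OK = 0,
    YAEDR_ERR_SHORT,    /* buffer shorter than the header */
    YAEDR_ERR_MAGIC,
    YAEDR_ERR_VERSION,
    YAEDR_ERR_TYPE,
    YAEDR_ERR_SIZE,     /* size field disagrees with path_len or the buffer */
    YAEDR_ERR_PATH      /* path_len exceeds YAEDR_PATH_MAX */
};

/* Validate one record in an untrusted buffer before using any field. The same
 * checks apply inside the driver to anything user mode hands it via an IOCTL:
 * never trust a caller-supplied length. On success *out gets a copy of the
 * header and *path/*path_len describe the path bytes inside buf. */
static enum yaedr_parse_result
yaedr_parse_event(const uint8_t *buf, size_t len, struct yaedr_event *out,
                  const char **path, size_t *path_len)
{
    struct yaedr_event h;
    if (len < sizeof h) return YAEDR_ERR_SHORT;
    memcpy(&h, buf, sizeof h);                 /* no unaligned access to buf */
    if (h.magic != YAEDR_EVT_MAGIC) return YAEDR_ERR_MAGIC;
    if (h.version != YAEDR_EVT_VERSION) return YAEDR_ERR_VERSION;
    if (h.type == 0 || h.type > YAEDR_EVT_TYPE_MAX) return YAEDR_ERR_TYPE;
    if (h.path_len > YAEDR_PATH_MAX) return YAEDR_ERR_PATH;
    if (h.size != sizeof h + h.path_len) return YAEDR_ERR_SIZE;
    if (h.size > len) return YAEDR_ERR_SIZE;   /* record claims more than we got */
    if (out) *out = h;
    if (path) *path = (const char *)buf + sizeof h;
    if (path_len) *path_len = h.path_len;
    return YAEDR_OK;
}

/* Producer side (what the driver would fill in): serialize one record.
 * Returns the record size, or 0 if the path is too long or buf too small. */
static size_t yaedr_build_event(uint8_t *buf, size_t cap, uint16_t type,
                                uint32_t pid, uint32_t parent_pid,
                                uint32_t target_pid, uint64_t timestamp,
                                const char *path)
{
    struct yaedr_event h;
    size_t plen = strlen(path);
    if (plen > YAEDR_PATH_MAX || cap < sizeof h + plen) return 0;
    memset(&h, 0, sizeof h);
    h.magic = YAEDR_EVT_MAGIC;  h.version = YAEDR_EVT_VERSION;  h.type = type;
    h.size = (uint32_t)(sizeof h + plen);      h.timestamp = timestamp;
    h.pid = pid;  h.parent_pid = parent_pid;   h.target_pid = target_pid;
    h.path_len = (uint16_t)plen;
    memcpy(buf, &h, sizeof h);
    memcpy(buf + sizeof h, path, plen);
    return h.size;
}

int main(void)
{
    /* Constructed sample: a remote thread created from pid 4242 into pid 616. */
    uint8_t buf[512];
    struct yaedr_event h;
    const char *path;
    size_t path_len;
    size_t n = yaedr_build_event(buf, sizeof buf, YAEDR_EVT_REMOTE_THREAD, 4242,
                                 1000, 616, 133000000000000000ULL,
                                 "C:\\Windows\\System32\\rundll32.exe");
    if (yaedr_parse_event(buf, n, &h, &path, &path_len) == YAEDR_OK)
        printf("type=%u pid=%u -> %u path=%.*s\n", h.type, h.pid, h.target_pid,
               (int)path_len, path);
    printf("truncated copy -> %d\n", yaedr_parse_event(buf, n - 1, NULL, NULL, NULL));
    return 0;
}
```

Whichever transport the research lands on (shared section, inverted call, or the client polling the driver with an IOCTL), the record format stays the same; only the delivery changes, and the validation above runs on every record regardless of transport.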
## Server todo

- [ ] Server
  - [ ] Config
    - [ ] Server information settings, etc.
    - [ ] Cross-compilation between Linux and Windows
  - [ ] Databases
    - [ ] Create admin account (store the account in the database; store a salted password hash, never the plaintext password)
    - [ ] MySQL/MariaDB client
    - [ ] PostgreSQL
    - [ ] Filesystem DB
      - [ ] SQLite
      - [ ] LMDB
    - [ ] Storing all the payloads/suspicious files (configurable)
  - [ ] Networking
    - [ ] Server-client communication in JSON (add a JSON parser)
    - [ ] Client
      - [ ] Auth with target client (log all the info provided and store it somewhere; some kind of session system, expand this idea)
      - [ ] Handle all the reports sent from all the clients (database)
      - [ ] Deploy driver binaries via websocket after auth
    - [ ] Admin client
      - [ ] Auth with admin client (log all the info provided and store it somewhere; some kind of session system, expand this idea)
      - [ ] Send reports and all other stuff on request
  - [ ] Compiling
    - [ ] Get the latest driver source, compile it and store it