Skip to content

SoulSec/OpenEDRclient

 
 

Repository files navigation

Open Endpoint Defense & Response

  • Tested on Windows 10, Server 2012R2 to 2019
  • Protects endpoints from non-escalated file-based PE Malware (EXE/DLL) & Office-macro malware
  • Detects Living-Off-The-Land offensive techniques without hard-coded rules
  • Responds by automated or backend triggered malicious process termination

It leverages the following components & reports to an OpenEDR server (click to find out more).

Sysmon

Sysinternal's license: https://docs.microsoft.com/en-us/sysinternals/license-terms

For non-Internet facing endpoints, please download Sysmon, modifiy install.ps1 accordingly & host within your internal web-server.

Nxlog-CE

This is an archived version of NXLog-CE tested with OpenEDR client agents. For commercial deployments, please contact NXLOG for commercial license.

Building your own installer

  • git clone this
  • change Sysmon, smconfig.xml or whatever that you need to
  • navigate to the project path (with cmd or powershell)
  • run batch file: updateInstaller.bat

Change-Log

See https://github.com/jymcheong/OpenEDRclient/commits/master

About

Open Endpoint Defense & Response

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • PowerShell 99.4%
  • Batchfile 0.6%