Skip to content
Jym Cheong edited this page May 3, 2021 · 32 revisions

What can OpenEDR do for you?

IMAGE ALT TEXT HERE

D for Defense not just Detection:

  • Block all non-privileged EXE/DLL file-based malware without the need for signatures/ML/AI
  • Deny often used "Fileless" delivery methods without complex hardening efforts
  • Uncover "Living-off-the-Land" offensive techniques without huge & complex backend resources
  • Open-source for further extension & customizations!

I hope to gather a network of users to share Indicators-of-Attack (or IoA) instead of just transient artefacts like IP-addresses/C2-URLs & file-hashes.

Use-Cases

Students, IT Professionals & Penetration-Testers

You have working knowledge of computers, networking, SQL, programming/scripting & so on. You may have even encountered the term EDR & watched vendors' demos, but these tools are still black-boxes or out-of-reach for you.

With OpenEDR, you can get started to:

  • Visualize the difference between benign vs malicious Code-Execution
  • Capture data & create custom queries (eg. which are the processes talks outbound to the Internet)
  • Observe offensive methods to better advise your clients as pen-testers.

Internet-Kiosks, Digital-Signage... Networks

These homogeneous networks of endpoints running only a few apps.

With OpenEDR, you can:

  • Uncover poor file-permission/ownership & usage to fix before it become a problem.
  • Use together with free tools like Timefreeze to reduce remedition time & effort; roll-back to a clean state automatically
  • Understand the series of events leading to an incident; eg. narrow down "Patient/Victim Zero"
Clone this wiki locally