jc edited this page Sep 4, 2020 · 32 revisions

What can OpenEDR do for you?


D for Defense not just Detection:

  • Block all non-privileged EXE/DLL file-based malware without the need for signatures/ML/AI
  • Uncover "Living-off-the-Land" offensive techniques through additional data enrichment & analytics
  • Open-source for further extension & customizations!

I hope to gather a network of users to share Indicators-of-Attack (or IoA) instead of just transient artefacts like IP-addresses/C2-URLs & file-hashes.

Use-Cases

Students, IT Professionals & Penetration-Testers

You have working knowledge of computers, networks & even programming with SQL, scripting & so on. You may even have heard of the term EDR & seen vendors' demos, but these tools are still black-boxes &/or out-of-reach for you.

With OpenEDR, you can:

  • Look at the Windows system at a deeper level; use it to understand how Windows-network infiltration operates
  • See exactly which process sequences are considered "benign" & frequently occurring but tell us little about attacks, and, more importantly, spot the rarely occurring ones
  • As pen-testers, most file-based payloads will become "obvious" to certain endpoint detection or even be blocked; how would you (& the adversaries) craft Living-off-the-Land techniques to evade?
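The second point above (frequent process sequences are usually benign and uninformative, rare ones deserve a look) is the kind of analytics an EDR backend runs over process-creation telemetry. The following is an added example, not OpenEDR's own code: it takes constructed events in the shape of Sysmon Event ID 1 (host, ParentImage, Image), counts each parent->child pair and the number of hosts it appears on, and separates the fleet-wide baseline from the rare sequences. The host names, image paths and thresholds are all assumptions made for the illustration.

```python
"""Frequency analysis of parent->child process sequences (added example).

Constructed sample data: 20 hosts showing the usual office sequences, plus one
host where WINWORD.EXE spawns cmd.exe, which then spawns PowerShell. Nothing
here is real telemetry.
"""
from collections import Counter, defaultdict
from typing import Dict, Iterable, List, Set, Tuple

# (host, ParentImage, Image), mirroring the Sysmon Event ID 1 fields
Event = Tuple[str, str, str]

OFFICE = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
PWSH = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

SAMPLE_EVENTS: List[Event] = []
for i in range(20):
    host = f"host{i:02d}"
    SAMPLE_EVENTS.append((host, r"C:\Windows\explorer.exe", OFFICE))
    SAMPLE_EVENTS.append((host, r"C:\Windows\explorer.exe", CHROME))
    SAMPLE_EVENTS.append((host, r"C:\Windows\System32\services.exe", r"C:\Windows\System32\svchost.exe"))
# The one-off chain on a single host (constructed, assumed suspicious for the example)
SAMPLE_EVENTS.append(("host07", OFFICE, r"C:\Windows\System32\cmd.exe"))
SAMPLE_EVENTS.append(("host07", r"C:\Windows\System32\cmd.exe", PWSH))


def normalise(image: str) -> str:
    """Reduce an image path to its lowercase file name so the same binary
    installed under different paths collapses to one key."""
    return image.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def sequence_stats(events: Iterable[Event]) -> Dict[Tuple[str, str], Tuple[int, Set[str]]]:
    """Map each (parent, child) pair to (occurrence count, set of hosts seen on)."""
    counts: Counter = Counter()
    hosts: Dict[Tuple[str, str], Set[str]] = defaultdict(set)
    for host, parent, child in events:
        key = (normalise(parent), normalise(child))
        counts[key] += 1
        hosts[key].add(host)
    return {key: (counts[key], hosts[key]) for key in counts}


def baseline_sequences(events: Iterable[Event], min_hosts: int = 10) -> List[Tuple[str, str, int, int]]:
    """Pairs seen across many hosts: the frequent, 'benign' tier that says little about attacks.
    Returns (parent, child, count, host_count) tuples, sorted."""
    stats = sequence_stats(events)
    return sorted((p, c, n, len(h)) for (p, c), (n, h) in stats.items() if len(h) >= min_hosts)


def rare_sequences(events: Iterable[Event], max_count: int = 2, max_hosts: int = 1) -> List[Tuple[str, str, int, int]]:
    """Pairs seen only a handful of times and on few hosts: the ones worth a human look.
    Rarest first, ties broken by name so the order is stable."""
    stats = sequence_stats(events)
    rare = [(p, c, n, len(h)) for (p, c), (n, h) in stats.items() if n <= max_count and len(h) <= max_hosts]
    return sorted(rare, key=lambda r: (r[2], r[3], r[0], r[1]))


if __name__ == "__main__":
    print("Baseline (frequent, fleet-wide):")
    for parent, child, n, hosts in baseline_sequences(SAMPLE_EVENTS):
        print(f"  {parent} -> {child}: {n} events on {hosts} hosts")
    print("Rare sequences to review:")
    for parent, child, n, hosts in rare_sequences(SAMPLE_EVENTS):
        print(f"  {parent} -> {child}: {n} event(s) on {hosts} host(s)")
```

On real Sysmon data the same two functions apply unchanged once the events are loaded from the log store; the thresholds are the tuning knob, and a baseline window of a few weeks is usually needed before the "rare" tier stops being dominated by software updates and first-time launches.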

Internet-Kiosk, E-Signature... Networks

The fleet of Windows endpoints you manage is mostly the same, running only a few specific apps. We are in bad times: budgets are tight, and cyber-criminal activity is heightened & increasing.

With OpenEDR, you can:

  • Uncover poor file-permission configurations & usage patterns to fix before they become a breach
  • Use it with free tools like Timefreeze (or Deep Freeze if you have the budget) to secure your networks & reduce remediation time & effort; roll back to a clean state automatically or centrally from the management UI
  • Understand the series of events that led to the incident; e.g. users downloading & executing stuff counter to Acceptable-Usage Policies