Home
D for Defense not just Detection:
- Block all non-privileged EXE/DLL file-based malware without the need for signatures/ML/AI
- Uncover "Living-off-the-Land" offensive techniques through additional data enrichment & analytics
- Open-source for further extension & customizations!
I hope to gather a network of users to share Indicators-of-Attack (or IoA) instead of just transient artefacts like IP-addresses/C2-URLs & file-hashes.
You have working knowledge of computers, networks & even programming with SQL, scripting & so on. You may even heard of the term EDR & seen vendors' demos, but these tools are still black-boxes &/or out-of-reach for you.
With OpenEDR, you can:
- Look at the Windows system at a deeper level, use it to understand how Windows-network infiltration operates
- See exactly which are the process sequences that are considered "benign" & frequently occurring but don't tell us much about attacks, but more importantly, spotting the rarely occurring ones
- As pen-testers, have deeper insights to the offensive methods to better advise your clients.
Typically homogeneous network with hosts running only a few specific apps. Times are bad, budgets are tight. With cyber-criminal activities increasing, the candle is burning at both ends for many.
With OpenEDR, you can:
- Uncover poor file-permission configurations & usage patterns to fix before it becomes a breach
- Use it with free tools like Timefreeze (or Deep Freeze you have the budget) to secure your networks & reduce remedition time & effort; roll-back to a clean state automatically or centrally from management UI
- Understand the series of events that led to the incident; eg. users downloading & executing stuff counter to Acceptable-Usage Policies