-
Notifications
You must be signed in to change notification settings - Fork 8
Home
Jym Cheong edited this page Mar 1, 2021
·
32 revisions
D for Defense not just Detection:
- Block all non-privileged EXE/DLL file-based malware without the need for signatures/ML/AI
- Deny often used "Fileless" delivery methods without complex hardening efforts
- Uncover "Living-off-the-Land" offensive techniques without huge & complex backend resources
- Open-source for further extension & customizations!
I hope to gather a network of users to share Indicators-of-Attack (or IoA) instead of just transient artefacts like IP-addresses/C2-URLs & file-hashes.
You have working knowledge of computers, networking, SQL, programming/scripting & so on. You may have even encountered the term EDR & watched vendors' demos, but these tools are still black-boxes &/or out-of-reach for you.
With OpenEDR, you can get started to:
- Visualize the difference between benign vs malicious Code-Execution
- Capture data & create custom queries (eg. which are the processes talks outbound to the Internet)
- Observe offensive methods to better advise your clients as pen-testers.
These homogeneous networks of endpoints running only a few apps.
With OpenEDR, you can:
- Uncover poor file-permission configurations & usage to fix before it becomes a breach
- Use together with free tools like Timefreeze to reduce remedition time & effort; roll-back to a clean state automatically
- Understand the series of events leading to an incident; eg. narrow down "Patient/Victim Zero"