Home
Jym Cheong edited this page Sep 16, 2020
·
32 revisions
D for Defense not just Detection:
- Block all non-privileged EXE/DLL file-based malware without the need for signatures/ML/AI
- Uncover "Living-off-the-Land" offensive techniques without huge & complex backend resources
- Open-source for further extension & customizations!
I hope to gather a network of users to share Indicators-of-Attack (or IoA) instead of just transient artefacts like IP-addresses/C2-URLs & file-hashes.
You have working knowledge of computers, networking, SQL, programming/scripting & so on. You may have even encountered the term EDR & watched vendors' demos, but these tools are still black-boxes &/or out-of-reach for you.
With OpenEDR, you can start to:
- Visualize what "normal" processes look like in Windows under the hood
- Realize that "normal" tends to occur frequently
- Capture data & create custom queries (eg. which processes talk outbound to the Internet)
- Observe offensive methods to better advise your clients as pen-testers.
These homogeneous networks of endpoints running only a few apps.
With OpenEDR, you can:
- Uncover poor file-permission configurations & usage to fix before it becomes a breach
- Use together with free tools like Timefreeze to reduce remediation time & effort; roll-back to a clean state automatically
- Understand the series of events that led to the incident; eg. users downloading & executing stuff counter to Acceptable-Usage Policies