Skip to content
jc edited this page Sep 4, 2020 · 32 revisions

What can OpenEDR do for you?

IMAGE ALT TEXT HERE

D for Defense not just Detection:

  • Block all non-privileged EXE/DLL file-based malware without the need for signatures/ML/AI
  • Uncover "Living-off-the-Land" offensive techniques through additional data enrichment & analytics
  • Open-source for further extension & customizations!

I hope to gather a network of users to share Indicators-of-Attack (or IoA) instead of just transient artefacts like IP-addresses/C2-URLs & file-hashes.

Use-Cases

Students, IT Professionals & Penetration-Testers

You have working knowledge of computers, networks & even programming with SQL, scripting & so on. You may even heard of the term EDR & seen vendors' demosm but these tools are still black-boxes & out-of-reach for you.

With OpenEDR, you can:

  • Look at the Windows system at a deeper level, use it to understand how Windows-network infiltration operates
  • See exactly which are the process sequences that are considered "benign" & frequently occurring but don't tell us much about attacks, but more importantly, spotting the rarely occurring ones
  • As pen-testers, some of the file-base payloads will become "obvious" with certain endpoint detection tool & improve your trade-craft &/or helping your users develop better detection

Internet-Kiosk, E-Signature... Networks

The fleet of Windows endpoints you manage are mostly the same, running only a few specific apps. We are in bad times, budgets are tight, cyber-criminal activities heightened & increasing.

With OpenEDR, you can:

  • Uncover poor file-permission configurations & usage patterns to fix before it becomes a breach
  • Use it with free tools like Timefreeze (or Deep Freeze you have the budget) to secure your networks & reduce remedition time & effort; roll-back to a clean state automatically or centrally from management UI
  • Understand the series of events that led to the incident; eg. users downloading & executing stuff counter to Acceptable-Usage Policies
Clone this wiki locally