| Feature / Layer | Kernel-backed EDR System | Cross-Platform EDR Map | EDR-EXPLANATION Summary |
|---|---|---|---|
| Platform Scope | Windows (kernel-mode) | Windows, Linux, macOS | Windows-focused |
| Monitoring Mechanism | Kernel callbacks (OB, Ps...) | ETW, eBPF, EndpointSecurity | ETW + Registry + MiniDump |
| Process Protection | Blocks ProtectedApp.exe | Abstracted across OSes | Self-healing + restart |
| Encryption | TPM-backed AES-GCM | TLS for agent comms | TPM + AES-256 + ECDSA |
| Event Logging | ETW with sampling | Unified JSON schema | Structured ETW events |
| Deployment Strategy | PowerShell + WDAC | Intune, Ansible, MDM | Intune + HLK automation |
| Detection Engine | Signature + heuristics | Sigma/YARA-L + optional ML | IOC + Defender ATP |
| Response Actions | Block access, restore files | Kill process, quarantine | Restart protected process |
| Security Hardening | CMake flags + signed driver | WHQL, DKMS, Notarization | Registry keys + WHQL |
| Red Team Validation | Not mentioned | Atomic Red Team + benchmarks | Azure DevOps pipeline |
| Cloud Integration | WDAC + TPM | SIEMs (Splunk, Sentinel) | Defender ATP + Azure DevOps |
| Scalability | Single-platform | Modular agents across OSes | 10,000+ endpoints |
See the wiki and discussions for architecture details and the roadmap.
Chain of Trust for Windows drivers with TPM & WDAC
- 🧩 Modular CMake build with vcpkg
- 🔐 TPM-backed trust verification
- 🛡️ WDAC-compliant driver signing
- ⚙️ Automated CI workflow with GitHub Actions
```sh
git clone https://github.com/SHAdd0WTAka/Chain_of_Trust.git
cd Chain_of_Trust
cmake -S . -B build -DCMAKE_TOOLCHAIN_FILE=vcpkg/scripts/buildsystems/vcpkg.cmake
cmake --build build --config Release
ctest --test-dir build -C Release
```

- Create an empty repository on GitHub ("Chain_of_Trust").
- Copy all files from the structure block into it.
- Commit & push – GitHub Actions builds immediately.
Enter the WHQL / EV certificate → ready for production.
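Once the signed driver is in place, the three links of the chain (driver signature, WDAC enforcement, TPM readiness) can be checked from an elevated PowerShell session. The script below is an added example, not code from the Chain_of_Trust repository; the driver output path is an assumption, and it relies on the built-in `Get-AuthenticodeSignature`, `Win32_DeviceGuard` and `Get-Tpm` interfaces.

```powershell
# Added verification script (not part of the Chain_of_Trust repo).
# Assumes the built driver sits at .\build\Release\ChainOfTrust.sys (hypothetical path)
# and that the session is elevated (Get-Tpm and the DeviceGuard provider require it).
param(
    [string]$DriverPath = ".\build\Release\ChainOfTrust.sys"  # assumed output path
)

$result = [ordered]@{}

# 1. Authenticode signature: a WHQL/EV-signed driver must report Status 'Valid';
#    'NotSigned' or 'HashMismatch' means the binary must not be deployed.
$sig = Get-AuthenticodeSignature -FilePath $DriverPath
$result.SignatureStatus = $sig.Status
$result.Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

# 2. WDAC / Code Integrity enforcement state from the DeviceGuard WMI provider.
#    CodeIntegrityPolicyEnforcementStatus: 0 = off, 1 = audit mode, 2 = enforced.
$dg = Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard -ClassName Win32_DeviceGuard
$result.WdacKernelMode = $dg.CodeIntegrityPolicyEnforcementStatus
$result.WdacUserMode   = $dg.UsermodeCodeIntegrityPolicyEnforcementStatus

# 3. TPM presence and readiness (TrustedPlatformModule module ships with Windows).
$tpm = Get-Tpm
$result.TpmPresent = $tpm.TpmPresent
$result.TpmReady   = $tpm.TpmReady

# The chain of trust is only complete when all three links hold:
# valid signature, WDAC enforced in kernel mode, TPM ready.
$result.ChainOfTrustOk = ($sig.Status -eq 'Valid') -and
                         ($dg.CodeIntegrityPolicyEnforcementStatus -eq 2) -and
                         [bool]$tpm.TpmReady

[pscustomobject]$result | Format-List
```

A `ChainOfTrustOk` of `False` pinpoints which link failed via the preceding fields, for example WDAC still in audit mode (1) after the policy was deployed.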
MIT – free for commercial use, patent clause included.