Skip to content

michaelprujan/edr_sample

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
config
config
 
 
src
src
 
 
.gitignore
.gitignore
 
 
Cargo.lock
Cargo.lock
 
 
Cargo.toml
Cargo.toml
 
 
README.md
README.md
 
 

Repository files navigation

EDR Windows client app

Basic EDR which collects system events such as process_creation, file_written, network_connection, dns_request, from multiple ETW providers, using QUIC to send data.

Installation

  1. Build the project:

    cargo build

Usage

  1. Run the project:

    cargo run -- -f <PROVIDERS_FILE> -i <"1.1.1.1"> -p <3333> -t <5>

Note

  1. The version is not working properly.
  2. Added new function as_raw_ptr_hack to ferrisetw-1.2.0\src\native\etw_types\event_record.rs.
  3. Used TdhGetEventInformation struct to collect fields of the event.
  4. All events stored in hash table Hash <key= event_id, value = vector of fields>.
  5. Added QUIC client to send serialized hashtable.

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages