Requirement Ideas #1

@rothoma2

It is our ambition to work on an open-source EDR at some point in the project.

EDRs are complex software projects that can have quite large code bases, into the millions of lines of code. They are generally considered expensive software projects to develop and maintain.

Comodo released an open-source version of their EDR, openEDR (https://github.com/ComodoSecurity/openedr), but it has a few problems:

  1. They don't seem to provide compiled binaries out of the box.
  2. You need to contact them, but they don't respond.
  3. It seems to be sending events to a cloud platform that is not free / open source.

We would like to fork and reuse as much functionality of this EDR as possible. For that, we first need to inspect, dissect and learn from this code base.

The focus areas are:

  1. Compile and use parts of the project.
  2. Extract and get a minifilter working (minifilter kernel driver, to get notified on any new file created, to submit it for scanning).
  3. DLL hooking and event sending to a backend.
  4. Registry activity monitoring.
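As an added example of the sensor pipeline behind focus areas 2 and 4 (this is not openEDR code and not part of the original issue): a user-mode prototype that gets notified on new files, hashes them, watches a registry key, and writes each observation as a JSON-lines event that a backend could collect. A real EDR does the file part with a minifilter in kernel mode, so this stand-in uses `System.IO.FileSystemWatcher` and the WMI `RegistryKeyChangeEvent` provider instead. The watched directory, the event log path and the monitored `Run` key are assumed values chosen for the demo.

```powershell
# Added example, not openEDR code: user-mode stand-in for the minifilter
# (file-created notification -> SHA-256 -> event) and for registry monitoring.
# Assumed values: watched directory, local event file, monitored registry key.

$WatchDir   = Join-Path $env:TEMP 'edr-watch'         # assumed directory to monitor
$EventLog   = Join-Path $env:TEMP 'edr-events.jsonl'  # assumed local stand-in for the backend
$RunKeyPath = 'SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run'  # WQL needs doubled backslashes

New-Item -ItemType Directory -Path $WatchDir -Force | Out-Null

# Shared event writer. Declared in global scope because -Action script blocks
# run in their own dynamic module and only see global functions.
function global:Write-EdrEvent {
    param([string]$Path, [string]$Kind, [hashtable]$Fields)
    $record = [ordered]@{
        time = (Get-Date).ToUniversalTime().ToString('o')
        kind = $Kind
        host = $env:COMPUTERNAME
    }
    foreach ($k in $Fields.Keys) { $record[$k] = $Fields[$k] }
    ($record | ConvertTo-Json -Compress) | Add-Content -Path $Path
}

# 1. File creation: the user-mode equivalent of a minifilter post-create callback.
$fsw = New-Object System.IO.FileSystemWatcher -ArgumentList $WatchDir
$fsw.IncludeSubdirectories = $true
$fsw.EnableRaisingEvents = $true
Register-ObjectEvent -InputObject $fsw -EventName Created -SourceIdentifier 'EdrFileCreated' `
    -MessageData $EventLog -Action {
    $path = $Event.SourceEventArgs.FullPath
    # The create notification can arrive before the writer has finished or
    # released its handle, so retry the hash briefly instead of dropping the event.
    $hash = $null
    foreach ($attempt in 1..5) {
        try { $hash = (Get-FileHash -Path $path -Algorithm SHA256 -ErrorAction Stop).Hash; break }
        catch { Start-Sleep -Milliseconds 200 }
    }
    Write-EdrEvent -Path $Event.MessageData -Kind 'file.created' -Fields @{ path = $path; sha256 = $hash }
} | Out-Null

# 2. Registry activity: WMI key-change indication on the HKLM Run key.
#    The registry event provider lives in root/default; an elevated session may
#    be required for HKLM keys.
$wql = "SELECT * FROM RegistryKeyChangeEvent WHERE Hive='HKEY_LOCAL_MACHINE' AND KeyPath='$RunKeyPath'"
Register-CimIndicationEvent -Namespace 'root/default' -Query $wql -SourceIdentifier 'EdrRegRunKey' `
    -MessageData $EventLog -Action {
    $e = $Event.SourceEventArgs.NewEvent
    Write-EdrEvent -Path $Event.MessageData -Kind 'registry.key_changed' -Fields @{ hive = $e.Hive; key = $e.KeyPath }
} | Out-Null

# Constructed test input: drop a file in the watched directory and show the resulting event.
Set-Content -Path (Join-Path $WatchDir 'sample.txt') -Value 'constructed sample content'
Start-Sleep -Seconds 2
Get-Content -Path $EventLog

# Cleanup when finished:
#   Unregister-Event -SourceIdentifier EdrFileCreated
#   Unregister-Event -SourceIdentifier EdrRegRunKey
```

The retry loop around `Get-FileHash` is the part worth keeping in mind when moving to the kernel: a post-create callback fires when the handle is opened, not when the content is complete, so a scanner that hashes at that moment sees an empty or partial file. The JSON-lines output is a placeholder for whatever transport the backend ends up using.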
