Exploitation prevention and detection

Status: IN PROGRESS
Bids: 6
Avg Bid (GBP): N/A
Project Budget (GBP): £250 - £750

Project Description:
This project is a new generation security product. We require you to build a proof of concept with recommendations.

The software follows a client-server architecture.

Description:
The software agent is an endpoint solution and will be deployed on a typical Windows system. The software will run as a service on the Windows system. The software will monitor kernel calls to disk. The software will permit all disk reads. When a request is sent to write files to disk that include machine executable code or PE code, the agent running on the machine will block the files from being written to disk and put them into a quarantine area. The software will report to a central server through HTTPS POST or another secure client-server methodology. All data must be collected and logged, including process calls, IP address information, stack and debug information.
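The PE check that the write-blocking rule above depends on, as an added example that is not part of the original posting or of any existing client code: it classifies the leading bytes of a buffer by its DOS and PE headers. The function name, the verdict names and the sample buffer are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Verdict names are this example's own, not from any product or API. */
enum pe_verdict { PE_NONE, PE_TRUNCATED, PE_DOS_ONLY, PE_IMAGE };

/* Read a little-endian 32-bit field bytewise (no alignment assumptions). */
static uint32_t rd32(const unsigned char *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Classify the leading bytes of a file that a write request carries.
 * PE_TRUNCATED: starts with "MZ" but the headers are not all present yet,
 * as happens when a file arrives in several small writes. */
enum pe_verdict classify_write(const unsigned char *buf, size_t len)
{
    if (len < 2 || buf[0] != 'M' || buf[1] != 'Z')
        return PE_NONE;
    if (len < 0x40)                       /* DOS header is 64 bytes */
        return PE_TRUNCATED;

    /* e_lfanew (offset 0x3C) comes from the file, so bound it in 64-bit
     * arithmetic before using it as an index. 24 = signature + COFF header. */
    uint32_t e_lfanew = rd32(buf + 0x3C);
    if ((uint64_t)e_lfanew + 24 > (uint64_t)len)
        return PE_TRUNCATED;

    const unsigned char *nt = buf + e_lfanew;
    if (nt[0] == 'P' && nt[1] == 'E' && nt[2] == 0 && nt[3] == 0)
        return PE_IMAGE;
    return PE_DOS_ONLY;                   /* MZ stub with no PE header */
}

int main(void)
{
    /* Constructed sample: minimal MZ header pointing at a PE signature. */
    unsigned char sample[0x100] = {0};
    sample[0] = 'M'; sample[1] = 'Z';
    sample[0x3C] = 0x80;
    sample[0x80] = 'P'; sample[0x81] = 'E';
    printf("verdict=%d\n", classify_write(sample, sizeof sample));
    return 0;
}
```

A header check like this only decides whether a buffer is a PE image; packer identification is left to the YARA signatures.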

The client must support signatures for packers and PE code through YARA. Signatures must be downloadable and updatable from the central server.

Although we expect the client to have a low memory footprint and to be developed in C without any .NET or other dependencies, it would be an added benefit for the client to be modularised and to support Ruby scripts and plugins so that it could be cross-platform capable.

Packers and signatures for PE identification will be provided.

References:
https://code.google.com/p/yara-project/
https://code.google.com/p/yara-project/wiki/PackerRules
http://en.wikipedia.org/wiki/Portable_Executable
http://www.thehackademy.net/madchat/vxdevl/papers/winsys/pefile/pefile.htm
http://www.csn.ul.ie/~caolan/publink/winresdump/winresdump/doc/pefile2.html

Rails frontend:
A Rails frontend server must be installed and run on IIS or Apache. Administrators will connect with their browsers to the frontend to administer it. The backend database must support Postgres or SQLite. The frontend server must be completely cross-platform compatible. The endpoint clients must connect and upload their status to the server. The server must be able to manipulate the agents through scripting commands.

Skills required:
C Programming, Ruby on Rails, Software Architecture
Additional Files: EPS-EDS.pdf
Project posted by:
gerthorne United Kingdom