Exploitation prevention and detection

In Progress

This project is a new-generation security product. We require you to build a proof of concept with recommendations.

The software follows a client-server architecture.

Description:

The software agent is an endpoint solution and will be deployed on a typical Windows system. The software will run as a service on the Windows system. The software will monitor kernel calls to disk. The software will permit all disk reads. When a request is sent to write files to disk that include machine-executable code or PE code, the agent running on the machine will prohibit the files from being written to disk and put the files into a quarantine area. The software will report to a central server through HTTPS POST or another secure client-server method. All data must be collected and logged, including process calls, IP address information, and stack and debug information.

The client must support signatures for packers and PE code through YARA. Signatures must be downloadable and updatable from the central server.

Although we expect the client to have a low memory footprint and to be developed in C without any .NET or other dependencies, it would be an added benefit for the client to be modularised and to support Ruby scripts and plugins so that it could be cross-platform capable.

Packer signatures and signatures for PE identification will be provided.
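The description above asks the agent to decide, at write time, whether a buffer contains PE code before the provided YARA signatures are even consulted. The following C routine is an added illustration for this posting, not code from the project: it is the structural pre-check a minifilter-style agent would run on the first bytes of a write request. It validates the MZ stub, bounds-checks `e_lfanew` (attacker-controlled data) before dereferencing it, and looks for the `PE\0\0` signature. Everything that has an MZ stub but no valid PE header (a DOS executable, a truncated write, or a malformed or packed header) is classified as suspicious rather than allowed, so it can be held for the YARA pass. The names `classify_pe`, `build_sample_pe` and `run_self_checks` are this example's own, and the 128-byte sample header is constructed, not a real program.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Verdict for a buffer the agent sees in a write request. */
typedef enum {
    PE_VERDICT_NOT_PE = 0,     /* no MZ stub at all: allow the write */
    PE_VERDICT_PE_IMAGE = 1,   /* well-formed PE header: block and quarantine */
    PE_VERDICT_SUSPICIOUS = 2  /* MZ stub but no valid PE header (DOS exe, truncated,
                                  malformed or packed): hold for YARA, do not allow */
} pe_verdict_t;

#define DOS_MAGIC        0x5A4Du      /* "MZ" read little-endian */
#define PE_SIGNATURE     0x00004550u  /* "PE\0\0" read little-endian */
#define DOS_HEADER_SIZE  64u          /* sizeof(IMAGE_DOS_HEADER) */
#define E_LFANEW_OFFSET  60u          /* offset of e_lfanew inside the DOS header */
#define PE_SIG_PLUS_COFF 24u          /* 4-byte signature + 20-byte COFF file header */

/* Little-endian readers that work on unaligned bytes and on any host. */
static uint16_t rd16(const unsigned char *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const unsigned char *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Classify the first bytes of a write. machine_out (optional) receives the COFF
 * Machine field (e.g. 0x8664 for x64) when a PE header is found. */
pe_verdict_t classify_pe(const unsigned char *buf, size_t len, uint16_t *machine_out)
{
    if (buf == NULL || len < DOS_HEADER_SIZE || rd16(buf) != DOS_MAGIC)
        return PE_VERDICT_NOT_PE;                 /* too short or no MZ stub */

    uint32_t e_lfanew = rd32(buf + E_LFANEW_OFFSET);
    /* Bounds check before dereferencing: e_lfanew comes from the file, not from us. */
    if (e_lfanew > len || len - e_lfanew < PE_SIG_PLUS_COFF)
        return PE_VERDICT_SUSPICIOUS;             /* header points past the data */
    if (rd32(buf + e_lfanew) != PE_SIGNATURE)
        return PE_VERDICT_SUSPICIOUS;             /* MZ without PE: DOS exe or junk */

    if (machine_out) *machine_out = rd16(buf + e_lfanew + 4);
    return PE_VERDICT_PE_IMAGE;
}

/* Constructed sample: a minimal 128-byte MZ+PE header (not a real program). */
size_t build_sample_pe(unsigned char *out, size_t cap, uint16_t machine)
{
    if (cap < 128) return 0;
    memset(out, 0, 128);
    out[0] = 'M'; out[1] = 'Z';
    out[E_LFANEW_OFFSET] = 0x40;          /* e_lfanew = 64: PE header follows the DOS header */
    memcpy(out + 64, "PE\0\0", 4);
    out[68] = (unsigned char)(machine & 0xFF);
    out[69] = (unsigned char)(machine >> 8);
    return 128;
}

/* Runs the constructed cases; returns how many behaved as expected (4 when all pass). */
int run_self_checks(void)
{
    unsigned char pe[128], dos[128];
    uint16_t machine = 0;
    int passed = 0;

    size_t n = build_sample_pe(pe, sizeof pe, 0x8664);
    if (classify_pe(pe, n, &machine) == PE_VERDICT_PE_IMAGE && machine == 0x8664) passed++;

    /* Same bytes, but the write only carried the first 70: header cut off. */
    if (classify_pe(pe, 70, NULL) == PE_VERDICT_SUSPICIOUS) passed++;

    /* MZ stub whose e_lfanew points far past the buffer. */
    memset(dos, 0, sizeof dos);
    dos[0] = 'M'; dos[1] = 'Z';
    memset(dos + E_LFANEW_OFFSET, 0xFF, 4);
    if (classify_pe(dos, sizeof dos, NULL) == PE_VERDICT_SUSPICIOUS) passed++;

    /* Ordinary text longer than a DOS header: allowed. */
    const char *text = "This is a plain text document, well over sixty-four bytes long, no code.";
    if (classify_pe((const unsigned char *)text, strlen(text), NULL) == PE_VERDICT_NOT_PE) passed++;

    return passed;
}

int main(void)
{
    printf("self checks passed: %d/4\n", run_self_checks());
    return 0;
}
```

The check is deliberately on content, not on file extension, since the posting requires blocking executable content regardless of the name it is written under. It is only the cheap first stage: a packed or otherwise obfuscated payload may still carry a perfectly valid header, which is exactly why the provided packer signatures are run afterwards on anything this routine does not classify as plain non-PE data.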


Rails frontend:

A Rails frontend server must be installed and run on IIS or Apache. Administrators will connect with their browsers to the frontend to administer it. The backend database must support Postgres or SQLite. The frontend server must be completely cross-platform compatible. The endpoint clients must connect and upload their status to the server. The server must be able to manipulate the agents through scripting commands.

Skills: C Programming, Ruby on Rails, Software Architecture


Project ID: #4477660