Completed

Exploitation prevention and detection

This project was successfully completed by inigmasoftware for £550 GBP in 3 days.

Project Budget
£250 - £750 GBP
Completed In
3 days
Total Bids
6
Project Description

This project is a new generation security product. We require you to build a proof of concept with recommendations.

The software follows a client-server architecture.

Description:

The software agent is an endpoint solution and will be deployed on a typical Windows system. The software will run as a service on the Windows system. The software will monitor kernel calls to disk. The software will permit all disk reads. When a request is sent to write files to disk that include machine executable code or PE code, the agent running on the machine will prohibit the files from being written to disk and put the files into a quarantine area. The software will report to a central server through HTTPS POST or another secure client-server methodology. All data must be collected and logged, including process calls, IP address information, stack and debug information.

The client must support signatures for packers and PE code through YARA. Signatures must be downloadable and updatable from the central server.

Although we expect the client to have a low memory footprint and to be developed in C without any .NET or other dependencies, it would be an added benefit for the client to be modularised and to support Ruby scripts and plugins so that it could be cross-platform capable.

Packers and signatures for PE identification will be provided.

References:

[url removed, login to view]~caolan/publink/winresdump/winresdump/doc/[url removed, login to view]

Rails frontend:

A Rails frontend server must be installed and run on IIS or Apache. Administrators will connect with their browsers to the frontend to administer it. The backend database must support Postgres or SQLite. The frontend server must be completely cross-platform compatible. The endpoint clients must connect and upload their status to the server. The server must be able to manipulate the agents through scripting commands.
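
One way to implement the agent's check on pending writes described above, as an added example that is not part of the original posting or of the delivered project: it classifies the leading bytes of a buffer by the DOS `MZ` header and the `PE\0\0` signature that `e_lfanew` points to. The function names, verdict names and the sample buffer are assumptions made for this example; the YARA packer signatures the posting mentions would run after this check.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Verdict names are hypothetical, chosen for this example. */
enum verdict { NOT_PE, IS_PE, MZ_ONLY, NEED_MORE };

static uint32_t le32(const uint8_t *p) {   /* unaligned little-endian read */
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Classify the leading bytes of a pending write. *machine receives the COFF
 * Machine field (e.g. 0x8664 for x64) when the verdict is IS_PE. */
enum verdict classify_write(const uint8_t *buf, size_t len, uint16_t *machine) {
    if (!buf || len < 2 || buf[0] != 'M' || buf[1] != 'Z')
        return NOT_PE;
    if (len < 0x40)                         /* DOS header not fully seen yet */
        return NEED_MORE;
    uint32_t e_lfanew = le32(buf + 0x3C);   /* file offset of "PE\0\0" */
    /* Signature (4) + COFF header (20) must fit; written to avoid overflow. */
    if (e_lfanew > len || len - e_lfanew < 24)
        return NEED_MORE;                   /* header lies beyond this chunk */
    if (memcmp(buf + e_lfanew, "PE\0\0", 4) != 0)
        return MZ_ONLY;                     /* DOS stub or damaged header */
    if (machine)
        *machine = (uint16_t)(buf[e_lfanew + 4] | buf[e_lfanew + 5] << 8);
    return IS_PE;
}

/* Constructed sample: minimal DOS header plus PE signature, not a real binary. */
void build_sample(uint8_t out[128], uint32_t e_lfanew, uint16_t machine) {
    memset(out, 0, 128);
    out[0] = 'M'; out[1] = 'Z';
    out[0x3C] = (uint8_t)e_lfanew;         out[0x3D] = (uint8_t)(e_lfanew >> 8);
    out[0x3E] = (uint8_t)(e_lfanew >> 16); out[0x3F] = (uint8_t)(e_lfanew >> 24);
    if (e_lfanew <= 128 - 24) {
        memcpy(out + e_lfanew, "PE\0\0", 4);
        out[e_lfanew + 4] = (uint8_t)machine;
        out[e_lfanew + 5] = (uint8_t)(machine >> 8);
    }
}
```

An `e_lfanew` that points far beyond any plausible header also yields `NEED_MORE`, so a caller should cap how many bytes it buffers before treating the write as `MZ_ONLY`.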
