FluxSec
United Kingdom
Joined 9 Jan 2024
Programming cyber security, and general nerdary.
Event Tracing for Windows Threat Intelligence for a Rust EDR
In this video we implement an Event Tracing for Windows: Threat Intelligence consumer, which requires an extremely high SYSTEM privilege to do. This video complements a technical blog post you can find at: fluxsec.red/event-tracing-for-windows-threat-intelligence-rust-consumer
ETW provides deep visibility into suspicious behavior that traditional antivirus often misses. We’re leveraging it to build an Endpoint Detection and Response (EDR) system in Rust to catch stealthy malware techniques in real-time.
This project is available on GitHub; the ETW-specific part can be found at: github.com/0xflux/Sanctum/blob/main/sanctum_ppl_runner/src/tracing.rs
If you like this video, please like and subscribe, and give some love by starring my EDR project on GitHub!
Views: 180
Videos
Syscall hooking with a Rust | Inspecting the environment | Part 2
151 views, 14 days ago
This is the Part 2 video POC of writing a syscall hook for an EDR in Rust, involving a kernel-mode driver, an engine, and an injected DLL. Check this out on my blog: fluxsec.red/implementing-syscall-hooking-rust Check this out on GitHub: github.com/0xflux/Sanctum
Syscall hooking with a Rust windows Driver and EDR malware evasion
282 views, 14 days ago
Demo of writing a syscall hooking feature in the Sanctum EDR, combating malware EDR evasion techniques such as direct syscalls, Hell's Gate, and indirect syscalls. To find more information, check my blog post here: fluxsec.red/implementing-syscall-hooking-rust. If you are interested in this project, or Rust driver development on Windows, check out my blog series here: fluxsec.red/sanctum-edr-intro!
Exploiting WinSxS: DLL Hijacking Techniques by Security Joes
238 views, 1 year ago
Here we take a look at DLL Search Order Hijacking as per the research done by Security Joes on 1st Jan 2024, Hide and Seek in Windows' Closet: Unmasking the WinSxS Hijacking Hideout. Full credit to Security Joes for the research! @securityjoes3114 www.securityjoes.com/post/hide-and-seek-in-windows-closet-unmasking-the-winsxs-hijacking-hideout Here we use a home-built reflective DLL injector to ...
Cool video! Would you mind increasing the font size for the following videos?
Will do! Thanks for the feedback :)
How do I write better Rust code? And this looks cool. Any sources on learning assembly? (x86_64)
Depends on what you mean by better :) In my experience it's just a case of getting more exposure to it. Starting off by completing the Rust book, and then putting it into practice. Pick a project you want to work on, complete it, go again, and over and over - what you will find is that over time you'll improve and you'll start wandering into more advanced Rust topics. This guy's TH-cam channel is also absolutely incredible for Rust content. www.youtube.com/@jonhoo Re assembly, Hackthebox have a fantastic assembly course; if you have a couple of quid to spare I would recommend that. Aside from that I don't know of any other named resources; doing a bit of C then decompiling it is also a good way to learn. Wouldn't recommend using Rust for that as Rust decompilation is a nightmare to read.