Skip to content
/ RosaryAC-rs Public

Experimental usermode behavioral anomaly based EDR system.

3 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

WHots/RosaryAC-rs

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

49 Commits
.idea
.idea
 
 
src
src
 
 
.gitignore
.gitignore
 
 
Cargo.lock
Cargo.lock
 
 
Cargo.toml
Cargo.toml
 
 
README.md
README.md
 
 

Repository files navigation

RosaryEDR - Proof of Concept User Mode EDR / Threat Detection System (Work in Progress)

OIG777(1)(1)

About The Project

RosaryEDR is a proof of concept (PoC) user mode Endpoint Detection and Response (EDR) / Threat Detection System designed to identify and report suspicious activities on endpoints. This project is currently experimental and under development. The codebase and the project's direction are subject to change at any time.

Project Change Log

  • Date: 8/6/2024
  • Update: The project has transitioned to a user-mode EDR / Threat Detection System.
  • Date: 5/13/2024
  • Update: The project has transitioned to an Anti-Cheat user client.

This application is intended as a PoC for those interested in endpoint security mechanisms. It is important to note that RosaryEDR does not provide resources for executing or reversing malicious activities. Additionally, it is not designed to target or single out any specific threat actor.

Built With

  • Rust Language: The core of RosaryEDR is built using Rust, known for its safety and performance.

Prerequisites

To work with RosaryEDR, you must have Rust and Cargo installed on your system. You can install them using rustup, which is available here.

EDR Rules

To maintain system security and integrity, RosaryEDR operates under the following rules:

  1. Proof of Malicious Process:

    • The system MUST be able to prove that a malicious process is running. Merely having potentially harmful software installed does NOT count. It must be proven that the threat is active at the time of detection.
    • It also MUST be proven that the malicious process is or had interaction with the protected system processes.

  2. Memory and Process Interaction:

    • The system is NOT allowed to write into process memory nor interact with system processes during the user-mode stages of this project. This ensures the system operates safely and respects system integrity.

  3. Querying Machine Information:

    • The system CAN query machine information, but ONLY during runtime. None of the information queried should be personally identifiable to the user, maintaining user privacy and security.

  4. Network Connections:

    • The system is NOT permitted to create any type of third-party network connection whatsoever. It must not download or upload files, nor fetch any information. The system is designed to operate 100% offline.

Note: As this project is a work in progress, the information provided here is subject to change. Keep an eye on the repository for the latest updates. Your contributions and suggestions are welcome to improve RosaryEDR. For any issues or feature requests, please refer to the issues section.

About

Experimental usermode behavioral anomaly based EDR system.

Topics

windows rust security rust-lang threat-hunting security-tools threat-intelligence edr anticheats gamecheats

Resources

Readme
Activity

Stars

3 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages