Source code for the blog post "Ransomware in the honeypot: how we capture keys with sticky canary files"
Updated Feb 27, 2024 - C++
Windows kernel development in Rust is not widely used yet. Therefore, here is a simple example of a driver and minifilter written in Rust. Also, I've written some helpful crates. Enjoy!
Windows Minifilter Driver in pure Rust
Easy Transparent Encrypted File System Based on Minifilter File System Driver
Kernel mode minifilter driver and User mode C# API for filesystem events monitoring
FileRedirector
NTFS minifilter driver that can download file content from a remote location, when it is opened for the first time.
File system minifilter driver for Windows to block symbolic link attacks.
Record & prevent file deletion in kernel mode
Ransomware detection application for Windows using Windows Minifilter driver
Filesystem minifilter driver spying on IO operations
Procmonel is a Procmon-like monitoring system implemented using Microsoft WDK
Permission Filesystem Minifilter
The little minifilter driver that monitors process file I/O