Kernel Whisperer: “Databasing” the Kernel

Hello paranoids

You know those new year's resolutions that people make? Going to the gym more often, eating healthy, travelling more? Scratch that…

I have decided to kickstart my 2018 by working on a research project. The first phase is a tool that I have named Kernel Whisperer (GitHub). The tool you see is not the full project I have in mind but more of a testing ground. However, I feel that due to the generic nature of the idea (feeding kernel events into a database), the community will likely benefit from the tool. If not, the code may be a starting point for someone interested in kernel development for Windows systems.

As you may expect, this project is ongoing, since there are a couple of other interesting events that we can get from kernel land. However, the ones implemented up to the date of this publication (i.e. file system, registry, network and process creation events) should be enough for you to have a glimpse of what is going on behind the scenes.


Stay safe 😉
