Kernel Whisperer: “Databasing” the Kernel

Hello paranoids

You know those new year's resolutions that people make? Going to the gym more often, eating healthy, travelling more? Scratch that…

I have decided to kickstart my 2018 by working on a research project. The first phase is a tool that I have named Kernel Whisperer (GitHub). The tool you see is not the full project I have in mind but more of a testing ground. However, I feel that due to the generic nature of the idea (feeding kernel events into a database), the community will likely benefit from the tool. If not, the code may be a starting point for someone interested in kernel development for Windows systems.

As you may expect, this project is ongoing, since there are a number of interesting events that we can collect from kernel land. However, the ones implemented as of the date of this publication (i.e. file system, registry, network, and process creation) should be enough for you to get a glimpse of what is going on behind the scenes.


Stay safe 😉