Skip to content

Bondey/KawaiiFilter

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

27 Commits
KawaiiAgent
KawaiiAgent
 
 
KawaiiFilter
KawaiiFilter
 
 
misc
misc
 
 
.gitignore
.gitignore
 
 
KawaiiFilter.sln
KawaiiFilter.sln
 
 
KawaiiIntel.py
KawaiiIntel.py
 
 
README.md
README.md
 
 

Repository files navigation

KawaiiFilter

An all in one VM harden&monitor

Features

Hidding process images by DKOM

Some stuff need to be done before using this feature

1- Disable PatchGuard, try EfiGuard, UPGDSED or Shark.

  1. Enable testSigning: "bcdedit /set testsigning on"

Sysmon Like system monitoring

  • Can monitor de wole system (not recomended)

  • Can filter by PID, a new PID is monitored if:

    -- Is created by a monitored process

    -- Gets a new Remote Thread from a monitored process

    -- A Handle to the process is opened by a monitored Process

ATM this Driver monitors

  • Registry
  • File System
  • Image Load
  • Thread creation
  • New Proceses
  • Open Process

FAQ

Most of the code is thanks to the book "Windows kernel programming" from Pavel Yosifovich

¿Trying to read my code? sry... Image of devel

About

An all in one vm-harden and monitoring driver

Resources

Readme
Activity

Stars

1 star

Watchers

3 watching

Forks

1 fork
Report repository

Releases 1

First Release! Latest
Apr 14, 2020

Packages

No packages published

Languages