Kernel mode minifilter driver and User mode C# API for filesystem events monitoring
Updated Jun 26, 2023 - C
FileRedirector
The little minifilter driver monitoring process file I/O
Filesystem minifilter driver spying on IO operations
Windows kernel development in Rust is not widely used yet. Therefore, here is a simple example of a driver and minifilter written in Rust. Also, I've written some helpful crates. Enjoy!
Source code for the blog post "Ransomware in the honeypot: how we capture keys with sticky canary files"
Procmonel is Procmon like monitoring system implemented using Microsoft WDK
A PoC Windows Minifilter Driver in pure Rust (Don't use it in production)
Record & prevent file deletion in kernel mode
File system minifilter driver for Windows to block symbolic link attacks.
Easy Transparent Encrypted File System Based on Minifilter File System Driver
Permission Filesystem Minifilter
Ransomware detection application for Windows using Windows Minifilter driver
NTFS minifilter driver that can download file content from a remote location, when it is opened for the first time.