open_safety vs PolyHook_2_0

| | open_safety | PolyHook_2_0 |
|---|---|---|
| Mentions | 14 | 2 |
| Stars | 35 | 1,493 |
| Growth | - | - |
| Activity | 2.6 | 7.1 |
| Latest commit | almost 2 years ago | 3 months ago |
| Language | Rust | C++ |
| License | MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
open_safety
- Any sufficiently advanced uninstaller is indistinguishable from malware
Malware delivered as an email with a link to a zip file containing a .js file is one of the most common methods of delivery, right behind Word macros. Mapping the .js extension to notepad.exe is a common security trick with a measurable, immediate drop in malware in large orgs. You can deploy it via GPO or Intune.
Personal promotion, I built this as a better alternative:
https://github.com/technion/open_safety
Note the built-in .js parser has basically never been updated; if you're writing for this, you're writing like you're targeting IE5.
- How to build windows application clean / virus free for online distribution?
- Security Cadence: Use Default Apps to Help Prevent Accidental Launching of Malicious File Types
- Have you ever been hit with ransomware?
- Microsoft's Small Step to Disable Macros Is a Win for Security
Allow me to reference my own workaround for those vectors:
https://github.com/technion/open_safety
- Am I the only one who finds Rust to be centered around Linux? Any Windows devs want to share their experience with Rust?
- State-of-the-art EDRs are not perfect, fail to detect common attacks
- Is shipping the produced .exe the only thing one needs to ship in order to ship a Rust program?
- How to Rapidly Improve at Any Programming Language
https://github.com/technion/open_safety
The time I've spent on the GitHub Actions is substantively higher than the time I've spent on the .rs files. Of course you can't "test actions before commit" the way you can actual code, so I kept having to make branches, make 15 commits like "try action fix again", followed by squashing them all down and merging.
- To enable trust, install this certificate in the Trusted Root Certification Authorities store.
PolyHook_2_0
- Any sufficiently advanced uninstaller is indistinguishable from malware
And my more sophisticated library, https://github.com/stevemk14ebr/PolyHook_2_0
- Relive internal browser features
What are some alternatives?
csv-injection-payloads - 🎯 CSV Injection Payloads
subhook - Simple hooking library for C/C++ (x86 only, 32/64-bit, no dependencies)
music-vibes - Desktop app for translating audio output into vibrations
Squirrel - An installation and update framework for Windows desktop apps
xwin - A utility for downloading and packaging the Microsoft CRT headers and libraries, and Windows SDK headers and libraries needed for compiling and linking programs targeting Windows.
Microsoft Research Detours Package - Detours is a software package for monitoring and instrumenting API calls on Windows. It is distributed in source code form.
ntfs - An implementation of the NTFS filesystem in a Rust crate, usable from firmware level up to user-mode.
PSDetour - Windows Detour Hooking in PowerShell
Windows-Sandbox-Utilities - A public repository for useful developments surrounding Windows Sandbox
PSDetour-Hooks - Auditing Hooks for https://github.com/jborean93/PSDetour
Stacktribution - A tiny webapp to generate proper attribution to a Stack Overflow's answer.
dom-expressions - A Fine-Grained Runtime for Performant DOM Rendering