NTFS minifilter driver that can download file content from a remote location, when it is opened for the first time.
-
Updated
Oct 11, 2022 - C#
NTFS minifilter driver that can download file content from a remote location, when it is opened for the first time.
Ransomware detection application for Windows using Windows Minifilter driver
File system minifilter driver for Windows to block symbolic link attacks.
A PoC Windows Minifilter Driver in pure Rust (Don't use it in production)
Record & prevent file deletion in kernel mode
Easy Transparent Encrypted File System Based on Minifilter File System Driver
Permission Filesystem Minifilter
Procmonel is Procmon like monitoring system implemented using Microsoft WDK
FileRedirector
Filesystem minifilter driver spying on IO operations
Windows kernel development in Rust is not widely used yet. Therefore, here is a simple example of a driver and minifilter written in Rust. Also, I've written some helpful crates. Enjoy!
Source code for the blog post "Ransomware in the honeypot: how we capture keys with sticky canary files"
Le petit Minifilter Driver surveillant file I/O de processus
Kernel mode minifilter driver and User mode C# API for filesystem events monitoring
Add a description, image, and links to the minifilter-driver topic page so that developers can more easily learn about it.
To associate your repository with the minifilter-driver topic, visit your repo's landing page and select "manage topics."