Skip to content
/ BlueLight Public

Open-source EDR kernel-component for system monitoring and DLL injection

31 stars 13 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

0xhido/BlueLight

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
BlueLightClient
BlueLightClient
 
 
BlueLightDrv
BlueLightDrv
 
 
injlib
injlib
 
 
.gitignore
.gitignore
 
 
BlueLight.sln
BlueLight.sln
 
 
README.md
README.md
 
 

Repository files navigation

BlueLight

BlueLight is an open-source kernel component for kernel-mode process activity monitoring and setup for user-mode API calls monitoring.

Goals

The goal of this project is to create a Windows kernel component for EDR system, specifically, BLUESPAWN - an open-source EDR.

Architecture

BlueLight built using file-system mini-filter driver which sends events to user-mode over communication port.

In addition, the driver uses injdrv for injecting custom DLL to every thread (right after loading kernel32.dll).

Monitoring

Currently implemented:

  • Process Creation / Termination
  • Thread Creation / Termination
  • Remote Thread Creation
  • Image Loading

Acknowledgements

About

Open-source EDR kernel-component for system monitoring and DLL injection

Resources

Readme
Activity

Stars

31 stars

Watchers

2 watching

Forks

13 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages