L3nSec Demo #1 – The first milestone!

Quick note: I have dropped this project because I set my goals too high for my knowledge of driver development and C#/C++ interoperability.
I'm not planning on continuing or remaking this project.

Hey there!

This post is different from the two before it, since it is just a demo of an antivirus I'm coding.

It will be fairly simple but hella fun to make! In its current state, it only inspects the PE's import table for suspicious functions (for instance: TerminateProcess, WriteProcessMemory, etc.).
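As an added example (my own code, not the project's), here is the static check described above in Python: it walks a PE32/PE32+ import table by hand and reports every imported name that appears on a watchlist. `build_sample_pe` is an assumption, a constructed minimal PE stub (not a real program) so the example runs offline; on a real file you would pass `open(path, "rb").read()` to `flag_imports`.

```python
import struct
# Constructed watchlist seeded with the two API names the post gives as examples; extend as needed.
SUSPICIOUS = {"TerminateProcess", "WriteProcessMemory"}

def _rva_to_off(sections, rva):  # RVA -> file offset via section table entries (vsize, va, raw_size, raw_ptr)
    return next(rva - va + ptr for vs, va, rs, ptr in sections if va <= rva < va + max(vs, rs))

def pe_imports(data):  # parse a PE32/PE32+ import table into {dll: [names]}; ordinals appear as 'ordinal#N'
    pe = struct.unpack_from("<I", data, 0x3C)[0]                  # e_lfanew -> "PE\0\0" signature
    assert data[pe:pe + 4] == b"PE\0\0", "not a PE file"
    nsec, opt_size = struct.unpack_from("<H", data, pe + 6)[0], struct.unpack_from("<H", data, pe + 20)[0]
    opt = pe + 24                                                 # optional header follows the 20-byte COFF header
    pe64 = struct.unpack_from("<H", data, opt)[0] == 0x20B        # magic 0x20B = PE32+, 0x10B = PE32
    imp_rva = struct.unpack_from("<I", data, opt + (112 if pe64 else 96) + 8)[0]  # DataDirectory[1] = imports
    sections = [struct.unpack_from("<IIII", data, opt + opt_size + 40 * i + 8) for i in range(nsec)]
    fmt, width = ("<Q", 8) if pe64 else ("<I", 4)                 # thunk entries are pointer-sized
    cstr = lambda off: data[off:data.index(b"\0", off)].decode("ascii", "replace")
    result, desc = {}, _rva_to_off(sections, imp_rva) if imp_rva else None
    while desc is not None:                                       # walk IMAGE_IMPORT_DESCRIPTORs up to the null one
        oft, _, _, name_rva, ft = struct.unpack_from("<IIIII", data, desc)
        if not name_rva:
            break
        names, thunk = [], _rva_to_off(sections, oft or ft)       # prefer the unbound (original) thunk array
        while (entry := struct.unpack_from(fmt, data, thunk)[0]):
            names.append("ordinal#%d" % (entry & 0xFFFF) if entry >> (width * 8 - 1) else cstr(_rva_to_off(sections, entry) + 2))
            thunk += width                                        # +2 above skips the hint WORD before the name
        result[cstr(_rva_to_off(sections, name_rva))] = names
        desc += 20
    return result

def flag_imports(data, watchlist=SUSPICIOUS):  # {dll: [watchlisted names]} for DLLs importing something on the list
    return {dll: [f for f in fs if f in watchlist] for dll, fs in pe_imports(data).items() if any(f in watchlist for f in fs)}

def build_sample_pe(imports):  # constructed PE32+ stub (not a runnable program) whose only section is an import table
    base, body = 0x1000, bytearray(20 * (len(imports) + 1))      # descriptor array first, null-terminated
    def add(blob):                                                # append to the section, return the blob's RVA
        body.extend(blob)
        return base + len(body) - len(blob)
    for i, (dll, funcs) in enumerate(imports.items()):
        name_rva = add(dll.encode() + b"\0")
        hints = [add(b"\0\0" + f.encode() + b"\0") for f in funcs]   # IMAGE_IMPORT_BY_NAME: hint WORD + name
        thunks = add(b"".join(struct.pack("<Q", h) for h in hints + [0]))
        struct.pack_into("<IIIII", body, 20 * i, thunks, 0, 0, name_rva, thunks)
    hdr = bytearray(0x200)
    hdr[:2], hdr[0x3C:0x44] = b"MZ", struct.pack("<I", 0x40) + b"PE\0\0"   # DOS header, e_lfanew, signature
    struct.pack_into("<HHIIIHH", hdr, 0x44, 0x8664, 1, 0, 0, 0, 240, 0)    # COFF: x64, one section, 240-byte opt hdr
    struct.pack_into("<H", hdr, 0x58, 0x20B)                                # PE32+ magic
    struct.pack_into("<II", hdr, 0x58 + 112 + 8, base, 20 * (len(imports) + 1))   # DataDirectory[1]
    struct.pack_into("<8sIIII", hdr, 0x58 + 240, b".idata", len(body), base, len(body), 0x200)
    return bytes(hdr) + bytes(body)
```

This only sees names the loader resolves from the import table; an API resolved at run time never appears here, which is the gap the dynamic-import step below is meant to close.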

I will account for dynamic imports later on (hint: hook GetProcAddress).

Oh, and it already has the list of hashes implemented; I just need to use the MD5 hashing function :).


Next steps:

  • FileSystem Minifilter
  • Protection against dynamic imports
