search

rysavy-ondrej / ethanol

An experimental environment for context-based flow artifact analysis.
1 stars 0 forks source link

Application Sonar #7

Open rysavy-ondrej opened 1 year ago

rysavy-ondrej commented 1 year ago

Demonstrate how to use context for determining local application / internet service for the host's traffic.

HOST --- APP --- SERVICE --- FLOW
      |       |           |- FLOW
      |       |           |- FLOW
      |       |- SERVICE --- FLOW
      |                   |- FLOW
      |                   |- FLOW
      |- APP --- SERVICE --- FLOW
      |       |           |- FLOW
      |       |           |- FLOW
      |       |- SERVICE --- FLOW
      |                   |- FLOW
      |                   |- FLOW
rysavy-ondrej commented 1 year ago

Change the way how we get information about local processes. Do it all locally -- we just need to extract some information from TLS+DNS+HTTP communication and standard flow records. Check if there is some tool that can already do that.

rysavy-ondrej commented 1 year ago

Scenario -- use hyper-v or other virtualization platform for running the guest. Is it possible to monitor the guest machine from host, e.g., by PS?