trailofbits/sinter
A user-mode application authorization system for macOS written in Swift
https://blog.trailofbits.com/2020/08/12/sinter-new-user-mode-security-enforcement-for-macos/
GNU Affero General Public License v3.0
301 stars, 15 forks
issues
#49 | Add support for app bundles and cache invalidation | alessandrogario | closed | 4 years ago | 1
#48 | Import back the old logger | alessandrogario | closed | 4 years ago | 0
#47 | Add basic filtering support with a sync-server | alessandrogario | closed | 4 years ago | 0
#46 | Fix a compile-time error for macOS >= 10.15.4 | alessandrogario | closed | 4 years ago | 0
#45 | CI: Update the GitHub Actions workflow | alessandrogario | closed | 4 years ago | 0
#44 | Refactor | alessandrogario | closed | 4 years ago | 0
#43 | Add structured logging to local filesystem | mike-myers-tob | closed | 4 years ago | 0
#42 | Invalidate cached approvals in reaction to on-disk changes | mike-myers-tob | opened | 4 years ago | 1
#41 | Parse additional fields from process events | mike-myers-tob | closed | 4 years ago | 0
#40 | Rewrite, converting from CMake to Xcode | alessandrogario | closed | 4 years ago | 0
#39 | Make minor refactors that swiftlint recommends | mike-myers-tob | closed | 4 years ago | 0
#38 | Add CI support | alessandrogario | closed | 4 years ago | 0
#37 | Refactor functionality into classes, add an initial auth prompt | mike-myers-tob | closed | 4 years ago | 0
#36 | Implement mitigations for whitelisting-evasion tactics | mike-myers-tob | closed | 4 years ago | 0
#35 | Create Sinter User Personas | MatthewARinehart | closed | 4 years ago | 2
#34 | Implement detection of filesystem anti-forensics | mike-myers-tob | closed | 4 years ago | 0
#33 | Implement detection of Recovery Mode | mike-myers-tob | closed | 4 years ago | 0
#32 | Implement detection of C2 (C&C) channels | mike-myers-tob | closed | 4 years ago | 0
#31 | Implement detection of suspected keyloggers | mike-myers-tob | closed | 4 years ago | 0
#30 | Implement monitoring of user logins | mike-myers-tob | closed | 4 years ago | 0
#29 | Implement monitoring and blocking of USB device insertions | mike-myers-tob | closed | 4 years ago | 0
#28 | Add a local control interface | mike-myers-tob | closed | 4 years ago | 0
#27 | Implement monitoring and blocking of execution persistence vectors | mike-myers-tob | closed | 4 years ago | 0
#26 | Implement monitoring and blocking of kernel extension loading | mike-myers-tob | closed | 4 years ago | 0
#25 | Add rule logic based on process tree | mike-myers-tob | opened | 4 years ago | 0
#24 | Add rule logic based on UID (user IDs) | mike-myers-tob | opened | 4 years ago | 0
#23 | Implement file access monitoring | mike-myers-tob | closed | 4 years ago | 0
#22 | Implement SSH connection detection and blocking | mike-myers-tob | closed | 4 years ago | 0
#21 | Implement client-side DNS monitoring and blocking | mike-myers-tob | closed | 4 years ago | 0
#20 | Integrate with VirusTotal threat intel | mike-myers-tob | closed | 4 years ago | 0
#19 | Add "social whitelisting" functionality on the server | mike-myers-tob | closed | 4 years ago | 0
#18 | Support for a desired subset of Santa sync server | mike-myers-tob | closed | 4 years ago | 0
#17 | Only Allow Process Execution from Specific Directories | mike-myers-tob | opened | 4 years ago | 0
#16 | Add remote logging | mike-myers-tob | closed | 4 years ago | 1
#15 | Add a mode that presents a local user with an approval dialog | mike-myers-tob | closed | 4 years ago | 0
#14 | Add a CI with automated unit tests | mike-myers-tob | opened | 4 years ago | 0
#13 | Update Repo README | mike-myers-tob | closed | 4 years ago | 0
#12 | Implement refined rule logic | mike-myers-tob | closed | 4 years ago | 0
#11 | Add ability to work in offline mode | mike-myers-tob | closed | 4 years ago | 1
#10 | Add (local system) structured logging | mike-myers-tob | closed | 4 years ago | 2
#9 | Add configurability mechanism | mike-myers-tob | closed | 4 years ago | 0
#8 | Basic sync server functionality | mike-myers-tob | closed | 4 years ago | 1
#7 | Cache approvals, for better performance | mike-myers-tob | closed | 4 years ago | 1
#6 | Package for deployment by Munki | mike-myers-tob | closed | 4 years ago | 0
#5 | Support for multithreaded execution authorization logic | mike-myers-tob | closed | 4 years ago | 1
#4 | Blocklist and allowlist control of process executions, by signing certificate | mike-myers-tob | opened | 4 years ago | 0
#3 | Blacklist and whitelist control of process executions, by code directory hash | mike-myers-tob | closed | 4 years ago | 0
#2 | Build with signing and entitlements and run with SIP enabled | mike-myers-tob | closed | 4 years ago | 2
#1 | Monitor process execution using the EndpointSecurity API | mike-myers-tob | closed | 4 years ago | 1