Simple implementation of service that detect suspicious activity with processes run on your system

architectxor/procsentinel

Process Sentinel

Process Sentinel is a piece of software that iterates over the running processes and decides whether each one is suspicious. For every process it assesses the following indicators:

  • software packaging
  • self-modification of the .text section
  • presence of writable and executable memory regions within the process memory
  • external connections

Results are written to separate files in tmp/procsent:

  • main_log -- general information about analyzed processes
  • <PID>-<process_name>-<unique_id> -- detailed results for the particular process
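As an added example, not code from the procsentinel repository, this is one way to implement the writable-and-executable memory check listed above: it parses text in the /proc/<pid>/maps format and flags every mapping that carries both w and x permissions. The sample maps text and the function names are constructed for the demonstration.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in /proc/<pid>/maps format; not taken from a real process.
SAMPLE_MAPS = """\
55d2c3a00000-55d2c3a1c000 r--p 00000000 fd:01 1311282  /usr/bin/example
55d2c3a1c000-55d2c3a5f000 r-xp 0001c000 fd:01 1311282  /usr/bin/example
55d2c4f00000-55d2c4f21000 rw-p 00000000 00:00 0        [heap]
7f1c2a000000-7f1c2a021000 rwxp 00000000 00:00 0
7f1c2a200000-7f1c2a3c0000 rwxp 00000000 fd:01 918273   /dev/shm/.cache (deleted)
7ffd4a1e0000-7ffd4a201000 rw-p 00000000 00:00 0        [stack]
7ffd4a3f3000-7ffd4a3f5000 r-xp 00000000 00:00 0        [vdso]
"""

# One maps line: start-end perms offset dev inode [path]
MAPS_RE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+(?P<perms>[rwxsp-]{4})\s+"
    r"(?P<offset>[0-9a-f]+)\s+(?P<dev>\S+)\s+(?P<inode>\d+)\s*(?P<path>.*)$"
)


@dataclass
class WxRegion:
    start: int
    end: int
    perms: str
    path: str  # empty string for anonymous mappings

    @property
    def size(self) -> int:
        return self.end - self.start


def find_wx_regions(maps_text: str) -> List[WxRegion]:
    """Return every mapping that is both writable and executable."""
    found = []
    for line in maps_text.splitlines():
        m = MAPS_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the whole scan
        perms = m.group("perms")
        if "w" in perms and "x" in perms:
            found.append(WxRegion(int(m.group("start"), 16), int(m.group("end"), 16),
                                  perms, m.group("path").strip()))
    return found


def scan_pid(pid: int) -> List[WxRegion]:
    """Scan a live process; reading another user's maps file requires root."""
    with open(f"/proc/{pid}/maps") as fh:
        return find_wx_regions(fh.read())


if __name__ == "__main__":
    for r in find_wx_regions(SAMPLE_MAPS):
        print(f"W+X {r.start:#x}-{r.end:#x} ({r.size} bytes) {r.perms} {r.path or '[anon]'}")
```

Anonymous W+X regions and mappings backed by a deleted file are the cases worth writing to the per-process result file, since neither should normally appear in a well-behaved binary.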

⭐ How to run it

user@host $ sudo ./procsent.py &
[<job_number>] + <PID> sudo ./procsent.py
user@host $ disown %<job_number>

Related Projects

  1. Dataset of Packed ELF files
  2. Bintropy
