BBVA/proctool

This repository has been archived by the owner on Oct 20, 2021. It is now read-only.

PoC: Artifact Tracing via Process IO Monitoring

ProcTool

proctool is a proof-of-concept tool implementing "Artifact Tracing via I/O Monitoring".

To learn more about it, check out the presentation and the demo.

Prerequisites

  • Nix

Installation

$ nix-shell
$ make install

Testing

$ nix-shell
$ make test

Caveats

  • The current implementation is based on strace, so a significant performance hit is expected.
  • openat and execve are the only supported syscalls.
  • Children of the monitored process are no longer monitored once their parent dies.
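The caveats above describe the mechanism: strace follows the process tree and reports only openat and execve, and the artifact trace is whatever those calls reveal. The following added example (not part of proctool) shows the parsing step such a tool has to get right on `strace -f -e trace=openat,execve` output, including calls that strace splits across an `<unfinished ...>` / `<... resumed>` pair and calls that fail. The sample trace is constructed, not a real capture.

```python
import re
from collections import defaultdict

# Constructed sample of `strace -f -e trace=openat,execve` output (not a real capture): a shell
# (no pid prefix) spawns `cat` (pid 4201); one call is interrupted and resumed, one call fails.
SAMPLE_TRACE = """\
execve("/usr/bin/sh", ["sh", "-c", "cat /etc/hostname"], 0x7ffc1234 /* 12 vars */) = 0
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
[pid  4201] execve("/usr/bin/cat", ["cat", "/etc/hostname"], 0x55d0c0ff /* 12 vars */) = 0
[pid  4201] openat(AT_FDCWD, "/etc/hostname", O_RDONLY) = 3
[pid  4201] openat(AT_FDCWD, "/nonexistent", O_RDONLY) = -1 ENOENT (No such file or directory)
[pid  4201] openat(AT_FDCWD, "/tmp/out.txt", O_WRONLY|O_CREAT|O_TRUNC, 0644 <unfinished ...>
[pid  4200] openat(AT_FDCWD, "/etc/passwd", O_RDONLY|O_CLOEXEC) = 4
[pid  4201] <... openat resumed>) = 5
"""

PID_RE = re.compile(r"^\[pid\s+(\d+)\]\s+")
CALL_RE = re.compile(r"^(openat|execve)\((.*?)(?:\)\s*=\s*(-?\d+)|\s*<unfinished \.\.\.>)")
RESUMED_RE = re.compile(r"^<\.\.\. (openat|execve) resumed>.*=\s*(-?\d+)")
PATH_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')  # first quoted argument is the path

def parse_trace(text, root_pid="main"):
    """Map each pid to the (syscall, path, succeeded) artifacts it touched, in order."""
    artifacts = defaultdict(list)
    pending = {}  # pid -> (call, path) for calls split across an <unfinished ...> line
    for raw in text.splitlines():
        line, pid = raw.strip(), root_pid
        m = PID_RE.match(line)
        if m:
            pid, line = int(m.group(1)), line[m.end():]
        m = RESUMED_RE.match(line)
        if m:  # second half of an interrupted call: recover its path from `pending`
            call, path = pending.pop(pid, (m.group(1), None))
            artifacts[pid].append((call, path, int(m.group(2)) >= 0))
            continue
        m = CALL_RE.match(line)
        if not m:
            continue  # signal delivery, exit status and other non-syscall lines
        call, args, ret = m.groups()
        pm = PATH_RE.search(args)
        path = pm.group(1) if pm else None
        if ret is None:
            pending[pid] = (call, path)  # the result arrives on the "resumed" line
        else:
            artifacts[pid].append((call, path, int(ret) >= 0))
    return dict(artifacts)

def successful_paths(artifacts, call):
    """Sorted, de-duplicated paths for which `call` succeeded in any traced process."""
    return sorted({p for rows in artifacts.values() for c, p, ok in rows if c == call and ok and p})
```

Failed calls are kept with `succeeded=False` because an attempted open of a path that does not exist is itself a useful artifact when reconstructing what a process looked for.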
