Kernel-level File System Filtering

Top content

Multiagent Corporate Security Monitoring System

Project team worked on the development of the corporate network monitoring product on the basis of a remote computer investigation solution, developed previously. Many processes were optimized, security improved, centralization features introduced.

Managed R&D Services to Lower Development Risks and Free Management Resources

The Client decided to replace its freelance scheme to cut development and financial risks and improve process manageability. Although initially the outstaffing scheme was on the table, Apriorit managed R&D services proved to be the best option to meet all Client’s needs.

Virtualization for Mobile Devices: Runtime Switching between Virtual OS Instances

Combined project team of Electronics and Telecommunications Research Institute and Apriorit specialists worked on a solution to satisfy security-BYOD needs of corporate customers. Business and personal environment isolation approach was introduced and implemented using OS virtualization techniques.

Dropbox Client Research: Get Code, Emulate MiM Attack – to Protect Sensitive Data

Binary files of Dropbox Client discovered to be compiled and obfuscated Python files – not a big problem for Apriorit Research Department. Use legal Reverse Engineering when you need the 3rd-party application compatibility!

Skype Monitoring with Low-level Hooks of internal APIs

Reverse engineer a highly-protected application and analyze its core logic to produce a hook solution that survived 2 years of regular application updates!

Get IP and other SMB session parameters in kernel mode file system filter driver!

The Apriorit Team was in charge with an advanced cyber security project. Kernel-level driver to work with file system was a part of it. Kernel level gave the green light for a number of advanced features - but it also produces questions about implementation approaches. This time, the task was to improve file activity monitoring feature providing additional information about the user, who accessed a file in a network share; and also organize rule-based network share access.

How to organize kernel-level file system filtering? Internal Windows API research was conducted.

For more details:

Reverse Engineering Case: Kernel-level File System Filtering
(PDF, 560 KB)

Take a look at the Apriorit file system development experience example: File system filter driver development tutorial.