ApriorIT
Kernel-level File System Filtering

Get IP and other SMB session parameters in a kernel-mode file system filter driver!

The Apriorit team was in charge of an advanced cyber security project, part of which was a kernel-level driver for working with the file system. Working at the kernel level made a number of advanced features possible, but it also raised questions about implementation approaches. This time, the task was to improve the file activity monitoring feature by providing additional information about the user who accessed a file in a network share, and also to organize rule-based network share access.

How do you organize kernel-level file system filtering? Research into the internal Windows API was conducted.

For more details:

Reverse Engineering Case: Kernel-level File System Filtering
(PDF, 560 KB)

Take a look at an example of Apriorit's file system development experience: File system filter driver development tutorial.
