Kernel-level File System Filtering

Get the IP address and other SMB session parameters in a kernel-mode file system filter driver!

The Apriorit team was in charge of an advanced cybersecurity project, part of which was a kernel-level driver that works with the file system. Working at the kernel level enabled a number of advanced features, but it also raised questions about implementation approaches. This time, the task was to improve the file activity monitoring feature by providing additional information about the user who accessed a file in a network share, and to organize rule-based access to network shares.

How can kernel-level file system filtering be organized? To find out, research into the internal Windows API was conducted.

For more details:

Reverse Engineering Case: Kernel-level File System Filtering
(PDF, 560 KB)

For an example of Apriorit's file system development experience, take a look at the File system filter driver development tutorial.

