Inspiration
Technology is at the forefront of most, if not all, industries, and it has been proven time and time again that a good security solution is key to sustaining a company: small data breaches taint a company's reputation, and larger mishaps such as the July 19th CrowdStrike outage harmed countless companies. Accessibility is what is most often left out, or treated as an afterthought, in these applications; my project's focus on accessibility helps bridge the gap between complex digital systems and everyday users.
What it does
What my project does is best broken down into this feature list:
- Scans the selected app for malicious signatures (such as basic hash comparison and PDB scanning for known open-source viruses).
- Undocumented telemetry functions in NTDLL that provide easy-to-use subscriptions for system events.
- A watchdog that monitors critical security features, such as audio being tampered with.
How we built it
Knowing the complexity of this project, and that I was practically racing against the clock, I focused first on the core features, the MD5 hash file digest and PDB scanning via the PE header, as both are widely documented. Once those were complete I created a rough mockup of the user interface using ImGui, refining details to ensure ease of use and to "integrate the human experience with the digital experience". Then I tackled what was by far the hardest part: the kernel-level companion driver for the rest of the antivirus. First I developed a simple communication bridge, which I then stress-tested; next I created the instruction data types, and finally the telemetry events that alert the user to unauthorized access and/or changes being made.
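The PDB scan described above, as an added example in C++ (my own illustration, not ShellSecure's code): it parses the PE headers, locates the debug data directory, walks to the CodeView RSDS record and compares the embedded PDB file name against a signature list. The in-memory sample PE and the signature names (SampleTool.pdb, DemoAgent.pdb) are constructed for the example; the MD5 hash comparison is left out because the C++ standard library has no MD5, and a real scanner would use a crypto library for that step. Note that the PDB path is whatever the author's build left in the file, so it is a cheap signal but trivially absent from stripped binaries, which is why pairing it with hash comparison makes sense.

```cpp
// Added example, not ShellSecure's code: pull the PDB path out of a PE file's
// CodeView "RSDS" debug record and compare it with a constructed list of PDB
// names tied to known samples. Offsets follow the PE/COFF format; the sample
// PE is built in memory so the block runs without a real binary on disk.
#include <algorithm>
#include <cctype>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <string>
#include <vector>
using Bytes = std::vector<uint8_t>;

// Bounds-checked little-endian readers: a malformed file must never push the scanner out of the buffer.
static bool rd16(const Bytes& b, size_t o, uint16_t& v) {
    if (o + 2 > b.size()) return false;
    v = static_cast<uint16_t>(b[o] | (b[o + 1] << 8)); return true;
}
static bool rd32(const Bytes& b, size_t o, uint32_t& v) {
    if (o + 4 > b.size()) return false;
    v = 0; for (int i = 3; i >= 0; --i) v = (v << 8) | b[o + i]; return true;
}
static void wr16(Bytes& b, size_t o, uint16_t v) { b[o] = v & 0xFF; b[o + 1] = v >> 8; }
static void wr32(Bytes& b, size_t o, uint32_t v) { for (int i = 0; i < 4; ++i) b[o + i] = (v >> (8 * i)) & 0xFF; }

// Returns the PDB path from the CodeView (RSDS) record, or "" if absent or malformed.
std::string extractPdbPath(const Bytes& pe) {
    uint16_t mz, nSections, optSize, magic;
    uint32_t peOff, sig, nDirs, dbgRva, dbgSize;
    if (!rd16(pe, 0, mz) || mz != 0x5A4D) return "";                                      // "MZ"
    if (!rd32(pe, 0x3C, peOff) || !rd32(pe, peOff, sig) || sig != 0x00004550) return "";   // "PE\0\0"
    if (!rd16(pe, peOff + 6, nSections) || !rd16(pe, peOff + 20, optSize)) return "";
    size_t opt = peOff + 24; if (!rd16(pe, opt, magic)) return "";
    // The data directory sits at +96 in a PE32 optional header and at +112 in PE32+.
    size_t dirBase = magic == 0x20B ? opt + 112 : magic == 0x10B ? opt + 96 : 0;
    if (!dirBase || !rd32(pe, dirBase - 4, nDirs) || nDirs < 7) return "";
    if (!rd32(pe, dirBase + 48, dbgRva) || !rd32(pe, dirBase + 52, dbgSize) || !dbgRva) return "";
    // Translate the debug directory RVA to a file offset through the section table.
    size_t dbgOff = 0, secTab = opt + optSize;
    for (uint16_t i = 0; i < nSections && !dbgOff; ++i) {
        uint32_t va, rawSize, rawPtr;
        size_t s = secTab + i * 40;
        if (!rd32(pe, s + 12, va) || !rd32(pe, s + 16, rawSize) || !rd32(pe, s + 20, rawPtr)) return "";
        if (dbgRva >= va && dbgRva < static_cast<uint64_t>(va) + rawSize) dbgOff = rawPtr + (dbgRva - va);
    }
    if (!dbgOff) return "";
    // Walk the 28-byte IMAGE_DEBUG_DIRECTORY entries for Type 2 (IMAGE_DEBUG_TYPE_CODEVIEW).
    for (size_t e = dbgOff; e + 28 <= dbgOff + dbgSize; e += 28) {
        uint32_t type, dataSize, dataPtr, cvSig;
        if (!rd32(pe, e + 12, type) || !rd32(pe, e + 16, dataSize) || !rd32(pe, e + 24, dataPtr)) return "";
        if (type != 2 || dataSize < 25 || !rd32(pe, dataPtr, cvSig) || cvSig != 0x53445352) continue; // "RSDS"
        // Record layout: "RSDS"(4) + GUID(16) + Age(4) + NUL-terminated path, bounded by SizeOfData.
        size_t p = dataPtr + 24, end = std::min<size_t>(pe.size(), static_cast<size_t>(dataPtr) + dataSize);
        std::string path;
        while (p < end && pe[p]) path.push_back(static_cast<char>(pe[p++]));
        return path;
    }
    return "";
}

// Case-insensitive match of the PDB file name (directory stripped) against the signature list.
bool matchesKnownPdb(const std::string& pdbPath, const std::vector<std::string>& knownNames) {
    auto lower = [](std::string s) { for (auto& c : s) c = static_cast<char>(std::tolower(static_cast<unsigned char>(c))); return s; };
    size_t cut = pdbPath.find_last_of("\\/");
    std::string name = lower(cut == std::string::npos ? pdbPath : pdbPath.substr(cut + 1));
    for (const auto& k : knownNames) if (name == lower(k)) return true;
    return false;
}

// Constructed fixture: a minimal PE32+ image with one .rdata section holding an
// IMAGE_DEBUG_DIRECTORY entry and an RSDS record. Not a real binary.
Bytes buildSamplePe(const std::string& pdbPath) {
    Bytes b(std::max<size_t>(0x400, 0x238 + pdbPath.size() + 1), 0);
    b[0] = 'M'; b[1] = 'Z';
    wr32(b, 0x3C, 0x40);                                          // e_lfanew
    b[0x40] = 'P'; b[0x41] = 'E';                                 // "PE\0\0"
    wr16(b, 0x44, 0x8664); wr16(b, 0x46, 1);                      // Machine AMD64, NumberOfSections
    wr16(b, 0x54, 240);    wr16(b, 0x58, 0x20B);                  // SizeOfOptionalHeader, Magic PE32+
    wr32(b, 0x58 + 108, 16);                                      // NumberOfRvaAndSizes
    wr32(b, 0x58 + 112 + 48, 0x1000); wr32(b, 0x58 + 112 + 52, 28); // DataDirectory[6] (DEBUG): RVA, Size
    size_t sec = 0x58 + 240;                                      // first section header
    std::memcpy(&b[sec], ".rdata", 6);
    wr32(b, sec + 8, 0x200);  wr32(b, sec + 12, 0x1000);          // VirtualSize, VirtualAddress
    wr32(b, sec + 16, 0x200); wr32(b, sec + 20, 0x200);           // SizeOfRawData, PointerToRawData
    wr32(b, 0x20C, 2);                                            // debug entry Type = CODEVIEW
    wr32(b, 0x210, static_cast<uint32_t>(24 + pdbPath.size() + 1)); // SizeOfData
    wr32(b, 0x214, 0x1020); wr32(b, 0x218, 0x220);                // AddressOfRawData (RVA), PointerToRawData
    std::memcpy(&b[0x220], "RSDS", 4);                            // CodeView signature; GUID and Age left zero
    std::memcpy(&b[0x238], pdbPath.data(), pdbPath.size());       // NUL terminator is already there
    return b;
}

int main() {
    // Constructed signature list: placeholder names, not real malware families.
    const std::vector<std::string> known = {"SampleTool.pdb", "DemoAgent.pdb"};
    Bytes pe = buildSamplePe("C:\\build\\SampleTool\\x64\\Release\\SampleTool.pdb");
    std::string pdb = extractPdbPath(pe);
    std::printf("pdb=%s known=%d\n", pdb.c_str(), matchesKnownPdb(pdb, known) ? 1 : 0);
    return 0;
}
```

Every read goes through a bounds-checked helper and the path copy is capped by the record's own SizeOfData, so a truncated or hostile file returns an empty result instead of reading past the buffer; a scanner that parses untrusted binaries is itself an attack surface, so that discipline matters more than the signature list.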
Challenges we ran into
One challenge I ran into was the kernel companion driver, as I refrained from using standard communication methods such as IOCTLs, which would be easy to reverse engineer and abuse in a real-world scenario for things such as arbitrary read/write exploits.
Accomplishments that we're proud of
I am proud of finding a way to bridge the communication gap between the user-level application and the kernel companion using undocumented Windows functions.
What we learned
That regardless of the scale a project is intended to reach, its goals and methods should still abide by modern security standards; how versatile telemetry events are for different use cases on both the attacking and defending sides; and, most importantly, how a simple but effective design language can have an immense impact on how well an end user can use a product.
What's next for ShellSecure
I plan on eventually scaling the antivirus to the best of my ability, then consulting with colleagues or organizations about production and development on a bigger scale.
Built With
- c++
- imgui
- kernelmode
- windows-10