A Windows security SDK with modular architecture
| Path | Last commit | Date |
|---|---|---|
| .idea | refactor: move module source files outside of sub folders | 2025-09-07 15:52:45 +02:00 |
| cmake | feat: add cross compilation to Windows from MacOS | 2025-09-08 20:32:22 +02:00 |
| examples | fix (core->servicehelper): improve error handling | 2025-10-05 17:12:21 +02:00 |
| include/sentinel | fix: add win32 checks in common header | 2025-10-12 12:21:18 +02:00 |
| src | fix (core->serviceHelper): improve error handling in stop function | 2025-10-05 17:16:32 +02:00 |
| tests | wip | 2025-10-05 23:47:25 +02:00 |
| .clang-tidy | feat: initial foundation | 2025-08-23 01:47:37 +02:00 |
| .gitignore | add CLion project settings | 2025-09-07 13:58:37 +02:00 |
| CMakeLists.txt | compatibility: improve cross-platform experience in CMakeList | 2025-10-12 12:12:24 +02:00 |
| LICENSE | feat: initial foundation | 2025-08-23 01:47:37 +02:00 |
| README.md | wip | 2025-10-05 23:47:25 +02:00 |
| TODO.md | update README.md & create TODO.md | 2025-09-08 22:26:14 +02:00 |

# 🛡️ Sentinel

Sentinel is a basic SDK for adding security-related features to your existing application.


## What's Ready Now (As of 7/9/25)

  • Intelligent Logging: Colored console output with automatic file audit trails
  • VM Detection Module: Detect whether your software is being run inside a virtual machine or sandboxed environment
  • Persistence Module: Install and uninstall startup- and service-level persistence.
  • Examples: Every component listed above ships with a complete example usage.
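As an added example (not code from the Sentinel repository), the following C++17 sketch shows the shape of a logger matching the "Intelligent Logging" description above: each record goes to the console with an ANSI colour for its level, and an uncoloured, timestamped copy is appended to an audit file. The names `AuditLogger`, `Level`, `formatLine` and `utcTimestamp`, and the file name `sentinel-audit.log`, are assumptions for this illustration, not Sentinel's API.

```cpp
// Added example, not Sentinel's own code. Names and the audit file path are
// assumptions. Demonstrates: levelled logging, coloured console output, and an
// uncoloured audit trail appended to a file.
#include <chrono>
#include <ctime>
#include <fstream>
#include <iomanip>
#include <iostream>
#include <mutex>
#include <sstream>
#include <string>

enum class Level { Debug, Info, Warn, Error };

// Human-readable level name used in both console and file output.
inline const char* levelName(Level l) {
    switch (l) {
        case Level::Debug: return "DEBUG";
        case Level::Info:  return "INFO";
        case Level::Warn:  return "WARN";
        case Level::Error: return "ERROR";
    }
    return "UNKNOWN";
}

// ANSI escape sequence selecting the console colour for each level.
inline const char* levelColor(Level l) {
    switch (l) {
        case Level::Debug: return "\x1b[36m";  // cyan
        case Level::Info:  return "\x1b[32m";  // green
        case Level::Warn:  return "\x1b[33m";  // yellow
        case Level::Error: return "\x1b[31m";  // red
    }
    return "";
}

// Builds the plain audit line "<timestamp> [LEVEL] message". The timestamp is
// passed in rather than read here so the format is deterministic and testable.
inline std::string formatLine(const std::string& timestamp, Level l, const std::string& msg) {
    std::ostringstream out;
    out << timestamp << " [" << levelName(l) << "] " << msg;
    return out.str();
}

// Current UTC time as "YYYY-MM-DD HH:MM:SS".
inline std::string utcTimestamp() {
    std::time_t now = std::chrono::system_clock::to_time_t(std::chrono::system_clock::now());
    std::tm tm{};
#ifdef _WIN32
    gmtime_s(&tm, &now);
#else
    gmtime_r(&now, &tm);
#endif
    std::ostringstream out;
    out << std::put_time(&tm, "%Y-%m-%d %H:%M:%S");
    return out.str();
}

class AuditLogger {
public:
    explicit AuditLogger(const std::string& auditPath, Level minimum = Level::Info)
        : file_(auditPath, std::ios::app), minimum_(minimum) {}

    // Writes the record and returns the audit line (without colour codes), or an
    // empty string when the record is filtered out by the minimum level.
    std::string log(Level l, const std::string& msg) {
        if (l < minimum_) return {};
        std::lock_guard<std::mutex> lock(mu_);
        std::string line = formatLine(utcTimestamp(), l, msg);
        std::cout << levelColor(l) << line << "\x1b[0m" << '\n';  // coloured console copy
        if (file_) { file_ << line << '\n'; file_.flush(); }       // plain audit copy
        return line;
    }

private:
    std::ofstream file_;
    Level minimum_;
    std::mutex mu_;
};

int main() {
    AuditLogger logger("sentinel-audit.log", Level::Info);  // assumed file name
    logger.log(Level::Debug, "dropped: below the minimum level");
    logger.log(Level::Info, "service helper initialised");
    logger.log(Level::Warn, "running inside a virtual machine");
    return 0;
}
```

Keeping `formatLine` free of I/O and of the clock is what makes the audit format unit-testable, and sending colour codes only to the console keeps the file line-oriented and grep-friendly. On Windows 10 the ANSI sequences render only after virtual terminal processing is enabled on the console handle (`SetConsoleMode` with `ENABLE_VIRTUAL_TERMINAL_PROCESSING`), which this sketch does not do.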

## Planned Arsenal

Sentinel is designed to become your complete security research platform:

  • VM Detection - Unmask virtual environments
  • 🔄 Anti-Debug Evasion - Detect and counter debugging attempts from malicious actors
  • Process Deep Dive - Comprehensive system process analysis and behavioral monitoring
  • Network Intelligence - Advanced network beacon detection and communication analysis
  • Persistence Hunting - Install and uninstall startup & service level persistence mechanisms
  • Authentication - Hardware fingerprinting, license validation, and tamper protection
  • Crypto Helper - Cryptographic utilities including SHA256 hashing, AES encryption, HMAC generation, and base64 encoding/decoding
  • Filesystem Monitor - Realtime directory watching with callbacks for file creation, modification, and deletion events
  • Memory Analyzer - Process memory dumping, pattern scanning, and executable memory detection for dynamic analysis
  • API Monitor - Function hooking framework with callback system for monitoring API calls in target processes
  • Network Monitor - Packet capture, process-specific traffic filtering, and active connection enumeration

## Getting Started

### Requirements

  • C++17-compatible compiler or newer (MSVC, GCC, or Clang)
  • CMake 3.20 or higher
  • Windows 10 or higher

### Building the SDK

```bash
git clone https://github.com/msh31/sentinel.git
cd sentinel

# Library Only
cmake -S . -B build
cmake --build build

# Full build
cmake -S . -B build \
  -DBUILD_EXAMPLES=ON \
  -DBUILD_TESTS=ON \
  -DBUILD_VM_DETECTION=ON \
  -DBUILD_ANTI_DEBUG=ON \
  -DBUILD_PROCESS_ANALYSIS=ON \
  -DBUILD_PERSISTENCE=ON \
  -DBUILD_NETWORK_BEACON=ON
cmake --build build

# Specify Modules (wip)
cmake -S . -B build \
  -DBUILD_VM_DETECTION=ON \
  -DBUILD_ANTI_DEBUG=ON \
  -DBUILD_PROCESS_ANALYSIS=ON \
  -DBUILD_PERSISTENCE=ON \
  -DBUILD_NETWORK_BEACON=ON
cmake --build build

# With examples
cmake -S . -B build -DBUILD_EXAMPLES=ON
cmake --build build

# With test programs
cmake -S . -B build -DBUILD_TESTS=ON
cmake --build build
```

## License

MIT License - see LICENSE for details.

## Contributing

This SDK is under active development. The current focus is establishing core utilities before implementing security-specific modules. (Kind of)