Daniel Roethlisberger
Add per-proxyspec options facility to control content mangling features such as OCSP denial, HTTP header removal, HTTP downgrade to 1.0, STARTTLS removal (#57) or similar features. Possibly also extend this...
CRL denial based on targetdir cert's CDPs or by identifying CRL ASN.1 on the content level.
Implement an extendable approach to broken certificate verification implementations and implement some of the more interesting ones.
Symhash is a proposal for an imphash-like hash for Mach-O binaries. Look into whether it makes sense to implement it in C and add support for a symhash hash type...
Add support to acquire tlsh hashes from binaries to support fuzzy indicator matching down the pipeline.
Add support to acquire ssdeep hashes from binaries to support fuzzy indicator matching down the pipeline.
Current file monitoring based on `AUE_CLOSE` and other audit events has a number of issues that need a solution. Think about reimplementing or improving the event acquisition. Options include: -...
Consider acquiring stat and hashes in-kernel in order to move burden to the task calling exec. This should reduce the amount of time the main thread spends acquiring data the...
The kext should verify the identity of the userspace process attaching to `/dev/xnumon` based on its code signature and refuse attaching if the code is unsigned or signed by the...
Add new event for kext loads. Not covered by audit(4), need to identify a good method to acquire this event. Analysis of kextd source might reveal some insights.