Kushal Das edited this page Feb 12, 2020 · 9 revisions

Welcome to the unoon wiki!

Idea

I wanted a system that notifies the user whenever a process opens or creates a network connection, either locally or to a remote system. This helps detect malware connecting back to its C2, a reverse shell, or a web shell. In simple terms, an Intrusion Detection System (IDS) for my laptop.

As you can see, the UI is really horrible right now; the goal is to make it better with help from you all.

Main window


This is the window users see after starting the application. It has a table widget and three tabs showing existing processes. The first tab is for '''Current processes''' that are not in the whitelist; any new process creating a network connection shows up here.

The table has the following column headings: "Name", "Process ID", "Parent ID", "TTY", "User", "CWD". Hovering over the first column shows the full command line arguments.

The second tab looks similar, but lists the processes that have been marked as whitelisted.

NOTE: for security reasons, always add processes to the whitelist by their full path.

The third tab contains similar information, but for all processes (whitelisted or not) seen while the application is running.

Notification dialog


Here we show the same fields, "Process full command line", "Process ID", "Parent ID", "TTY", "User", "CWD", for the new process.

In future this dialog will also have a button/option to block the remote host via the firewall. This also means we will need a separate window/dialog to add/remove hosts from firewall blocking.

All processes window

Here the user can see the current state of the processes (this needs a manual refresh every time, and I don't know where to put that button/menu to refresh).

All processes

The processes are shown in a tree view. Along with the existing information, we also list the open files and all network connections of each process. The full command line is also a very long string; we have to show that too, since it helps identify the process properly.
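The core check behind the whitelist NOTE and the per-process connection list above, as an added example that is not unoon's own code: it parses /proc/net/tcp rows, maps each socket inode to its owning process, and flags any process whose executable's full path is not whitelisted, which is why whitelisting by full path matters (a same-named binary elsewhere must not pass). The /proc/net/tcp excerpt and the inode-to-process map are constructed samples; the Proc class, find_suspects and the whitelist contents are assumptions.

```python
import socket
import struct
from dataclasses import dataclass

# Whitelist keyed by the executable's full path, as the NOTE above requires:
# a rogue binary named "firefox" under /tmp must not match /usr/bin/firefox.
WHITELIST = {"/usr/bin/firefox", "/usr/bin/ssh"}
TCP_STATES = {"01": "ESTABLISHED", "0A": "LISTEN"}  # subset of the kernel's tcp_states

@dataclass
class Proc:               # assumed shape of the per-process record
    pid: int
    exe: str              # resolved /proc/<pid>/exe, i.e. the full path
    cmdline: str

def parse_addr(field):
    """'0100007F:1F90' -> ('127.0.0.1', 8080); /proc stores IPv4 little-endian."""
    ip_hex, port_hex = field.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16))), int(port_hex, 16)

def parse_proc_net_tcp(text):
    """Yield (local, remote, state, inode) for each data row of /proc/net/tcp."""
    for line in text.splitlines()[1:]:          # first line is the header
        cols = line.split()
        if len(cols) < 10:
            continue
        yield parse_addr(cols[1]), parse_addr(cols[2]), TCP_STATES.get(cols[3], cols[3]), int(cols[9])

def find_suspects(net_tcp_text, inode_to_proc, whitelist=WHITELIST):
    """Return (pid, exe, local, remote, state) for sockets owned by non-whitelisted executables."""
    alerts = []
    for local, remote, state, inode in parse_proc_net_tcp(net_tcp_text):
        proc = inode_to_proc.get(inode)       # sockets with no known owner are skipped here
        if proc is None or proc.exe in whitelist:
            continue
        alerts.append((proc.pid, proc.exe, "%s:%d" % local, "%s:%d" % remote, state))
    return alerts

# Constructed /proc/net/tcp excerpt: one local listener, one outbound HTTPS session.
SAMPLE_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 12345 1 0 100 0 0 10 0
   1: 0F02000A:A3B2 5DB8D822:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 67890 1 0 20 4 30 10 -1
"""
# Constructed inode -> process map; on a real host it comes from /proc/<pid>/fd links named socket:[inode].
SAMPLE_PROCS = {
    12345: Proc(4242, "/tmp/firefox", "./firefox"),                 # same name, wrong path: must be flagged
    67890: Proc(3100, "/usr/bin/firefox", "/usr/bin/firefox"),
}
```

`find_suspects(SAMPLE_NET_TCP, SAMPLE_PROCS)` returns only the /tmp/firefox listener; the whitelisted /usr/bin/firefox session to port 443 is silent.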
