published
updated
Use a honeypot file to detect active ransomware and dump the process in hopes of finding the key, packaged with InnoSetup
Pipeline
Honeypot file touched/modified -> Sysmon event rule (modified to include pid as argument) -> Task scheduler -> Python process dump
Tasks
Task scheduler is triggered from any Event11 Sysmon rule currently, needs to be specific to ransomware triggers
* need to add a name to the rule, and then filter in python to only trigger on that rule name
Package with InnoScript