Cyberattacks are a constantly evolving threat. This means detection needs to be accurate and response agents need to be proactive... so how do we ensure these protective softwares are working properly?
That's where Cat-A-Log comes in! Cat-A-Log is an application that offers comparative test data for EDR software...with a fun twist.
Paw-don the puns; this self-induced file manipulation and transmission software is making hiss-tory.
Running this project will trigger a short lifecycle of a file and send a log of the activities' details to your browser:
- Creates a Cats.txt file in the application
- Updates this file with paw-some puns
- Deletes the file and remove it from the directory
As each of these actions are executed, an entry with detailed data is added to the log, (e.g. timestamps, name of the user who initiated the process, etc.). This log acts as core telemetry to be compared against a sensor's log of data. If the entries don't match, the sensor needs to be updated.
Compatible with Unix (MacOS) and Linux. This application utilizes several ruby gems. To run the program on your device clone the repository, change directories into the project folder, and install the dependencies.
bundle installTo get the app started, run the following command in your terminal:
ruby runner.rbThis will prompt you to confirm you'd like the program to run it's the process in full.
Would you like to run this program now? (Y/n)
Typing Y or Yes will launch the program. Once the program has completed its tasks, a log will be available for viewing online. Open your web browser and go to:
http://127.0.0.1:9393/log
This is a Ruby application with Rack middleware. Ruby gems include: JSON and TTY:Prompt.
If I were to expand this app, I would implement the following:
- More dynamic variables: methods to accept arguments and values from the device, rather than hard-coded params (e.g. Server session ID, amount of data sent)
- A frontend with a simple "Start" button that would run the program and return the log as a downloadable file.
- An internal server call that would send the Log.json file without requiring a request from the browser (possibly with sockets)
- Run several different types of modifications to the test file (i.e. type, name, password)