        //Event handler invoked when a watched file-system object is changed, created or deleted
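        /// <summary>
        /// FileSystemWatcher callback: prints the event and, when the affected path lies
        /// under one of the monitored PoC user directories and looks like a file, forwards
        /// it to the matching <see cref="FilemonEventHandler"/> method.
        /// </summary>
        /// <param name="source">The watcher that raised the event (unused).</param>
        /// <param name="e">Full path and change type of the affected object.</param>
        private static void OnChanged(object source, FileSystemEventArgs e)
        {
            Console.WriteLine(e.FullPath + " is " + e.ChangeType);

            if (!IsInMonitoredDirectory(e.FullPath))
            {
                return;
            }

            //Heuristic: a '.' anywhere in the path is taken to mean "file, not directory".
            //A directory whose own name contains a dot passes this test as well.
            if (!e.FullPath.Contains("."))
            {
                return;
            }

            //Compare the enum value directly instead of round-tripping through ToString().
            //A combined flags value (e.g. Created | Changed) matches no case, exactly as the
            //former string comparison behaved.
            switch (e.ChangeType)
            {
                case WatcherChangeTypes.Changed:
                    FilemonEventHandler.changeOccured(e);
                    break;
                case WatcherChangeTypes.Created:
                    FilemonEventHandler.creationOccured(e);
                    break;
                case WatcherChangeTypes.Deleted:
                    FilemonEventHandler.deletionOccured(e);
                    break;
            }
        }

        /// <summary>
        /// True when <paramref name="fullPath"/> contains one of the hard-coded PoC user
        /// directories. The match is ordinal and case-insensitive because NTFS paths are
        /// case-insensitive; a plain ordinal Contains() would silently miss a path reported
        /// with different casing.
        /// </summary>
        /// <param name="fullPath">Full path reported by the watcher.</param>
        /// <returns>Whether the path should be acted upon.</returns>
        private static bool IsInMonitoredDirectory(string fullPath)
        {
            //TODO: read these from configuration instead of hard-coding the user profile.
            string[] monitored =
            {
                @"C:\Users\PoC\Desktop",
                @"C:\Users\PoC\Documents",
                @"C:\Users\PoC\Downloads",
                @"C:\Users\PoC\Videos",
            };

            foreach (string dir in monitored)
            {
                if (fullPath.IndexOf(dir, StringComparison.OrdinalIgnoreCase) >= 0)
                {
                    return true;
                }
            }

            return false;
        }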
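        /// <summary>
        /// Runs the Shannon-entropy file-monitor PoC end to end: fetches the PoC sample via
        /// <see cref="Logger"/>, pushes the configured thresholds and paths into the
        /// collaborating static classes, records a baseline entropy for every file under the
        /// four watched paths, starts the procmon backing-file thread and the log writer,
        /// then waits 30 seconds before returning.
        /// </summary>
        public static void shannonEntropyFileMonDetection()
        {
            Logger.getPoCRansomware();

            Thread.Sleep(1000);

            Logger.postPoCFetched();

            //Poll until the fetch is acknowledged. There is no timeout, so a fetch that
            //never completes blocks this method indefinitely.
            while (!Logger.getHasFetched())
            {
                Thread.Sleep(500);
            }

            Logger.setRansomwareDownloaderPath(RANSOMWAREDOWNLOADERPATH);

            ActionTaker.setBackingName(BACKINGNAME);
            ActionTaker.setPathToBackingFile(pathToBackingFile);

            ProcMon.setPathToProcMon(ProcMonPath);

            FilemonEventHandler.setEntropyThreshold(entropyThreshold);
            FilemonEventHandler.setThresholdToReaction(thresholdToReaction);
            FilemonEventHandler.setSecondsInThreshold(secondsInThreshold);

            Logger.setPath1(path1);
            Logger.setPath2(path2);
            Logger.setPath3(path3);
            Logger.setPath4(path4);
            Logger.setPathFileWatch(PATH);

            //Baseline: entropy of every file under each watched path. Results are read back
            //through the static getSavedEntropies(), so one fresh instance per path is
            //equivalent to the four separately declared instances this replaces.
            foreach (var path in new[] { path1, path2, path3, path4 })
            {
                new ShannonEntropy().getEntropyOfAllFilesInPath(path);
            }

            foreach (var entry in ShannonEntropy.getSavedEntropies())
            {
                Console.WriteLine(entry.Key + " - " + entry.Value);
            }

            //Start procmon on a background thread.
            //NOTE(review): if BACKINGNAME is a string this appends "0" to it and the change
            //persists in the static across calls — confirm that is intended.
            BACKINGNAME = BACKINGNAME + 0;
            var procmonThread = new Thread(() => ProcMon.createProcmonBackingFile(pathToBackingFile, BACKINGNAME));

            procmonThread.Start();

            //Start filemon
            //When filemon sees a reaction it posts to FilemonEventHandler, which decides
            //whether to act through ActionTaker.
            Console.WriteLine(Logger.getNAMEONTEST());

            //Start logger
            //TODO fix call to server such that it is not honeypotpoc that is called
            Logger.LogWriter(PATH);

            Logger.postPoCTested();
            Logger.postPoCPosted();

            //Fixed observation window before the method returns.
            Thread.Sleep(30000);
        }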