PreEmpt is my messing-around-with-edr-stuff project. The goal is to implement a bunch of different detection capabilities to better understand their internals. So far, this consists of a Time/Event Based Memory Sweeper, an EtwTi Agent, and an orchestration process which receives events from these processes and passes them off to the ELK Stack, whilst also showing the user a Windows Toast Notification. On the agenda there is more EtwTi, a Hooking DLL, and probably some other stuff.
Click to read more.