Telemetry and data collection
To capture and analyze network traffic for the telemetry option, QEMU virtual machines are used on the server virtualization management platform Proxmox VE based on :
- Windows 10 Pro 64bits with automatic updates enabled.
- Windows 8.1 Pro 64bits with automatic updates enabled.
- Windows 7 SP1 Pro 64bits with automatic updates enabled.
Traffic dumps are cleaned every day and compared with the current rules to add/remove some hosts or firewall rules.
Tools used to capture traffic :
All traffic events are available in the logs folder :
- *-hosts-count.csv : number of events per host
- *-unique.csv : the first trigger of an event per host/process/destination port
The data folder contains the blocking rules based on domains or IPs detected during the capture process :
- data/<type>/winX/spy.txt : Block Windows Spy / Telemetry
- data/<type>/winX/update.txt : Block Windows Update
- data/<type>/winX/extra.txt : Block third-party applications
The <type> in these paths is the format the rules are exported in, such as :
- DNSCrypt : a protocol for securing communications between a client and a DNS resolver.
- OpenWrt : an open source project used on embedded devices to route network traffic.
- P2P : a plaintext IP data format from PeerGuardian.
- Proxifier : an advanced proxy client on Windows with a flexible rule system.
- simplewall : a simple tool to configure Windows Filtering Platform (WFP).
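The daily step described above, comparing a capture's host counts against the rules already in place, is easy to script. The following is an added example written for this page, not code from the WindowsSpyBlocker project: it parses a constructed *-hosts-count.csv (the real column layout is not documented here, so the `host,count` header is an assumption), parses a constructed hosts-format rule file in the style of spy.txt, and reports hosts seen in traffic with no rule yet, rules that never fired in this dump, and rules that did fire with their event counts.

```python
import csv
import io
import re
from dataclasses import dataclass

# Constructed sample of a *-hosts-count.csv as this example assumes it:
# one row per host with its event count. The real column layout is not
# described on this page, so the header below is an assumption.
SAMPLE_HOSTS_COUNT_CSV = """host,count
settings-win.data.microsoft.com,142
vortex.data.microsoft.com,37
download.windowsupdate.com,9
example-cdn.invalid,3
"""

# Constructed sample of an existing hosts-format rule file (spy.txt style).
# Comments and blank lines are skipped; each rule line is "<ip> <domain>".
SAMPLE_SPY_RULES = """# Block Windows Spy / Telemetry (constructed sample)
0.0.0.0 vortex.data.microsoft.com
0.0.0.0 settings-win.data.microsoft.com
0.0.0.0 telecommand.telemetry.microsoft.com
"""

_RULE_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)")


def parse_hosts_count(text):
    """Return {host: count} from a *-hosts-count.csv body (assumed columns)."""
    counts = {}
    for row in csv.DictReader(io.StringIO(text)):
        host = row["host"].strip().lower()
        counts[host] = counts.get(host, 0) + int(row["count"])
    return counts


def parse_hosts_rules(text):
    """Return the set of domains blocked by a hosts-format rule file."""
    blocked = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = _RULE_RE.match(line)
        if m:
            blocked.add(m.group(2).lower())
    return blocked


@dataclass(frozen=True)
class RuleDiff:
    to_add: tuple   # hosts seen in traffic that no rule covers, busiest first
    unseen: tuple   # rules whose host never appeared in this dump
    covered: dict   # rules that did fire, with their event counts


def compare(counts, blocked):
    """Diff one day's host counts against the current rule set."""
    seen = set(counts)
    to_add = sorted(seen - blocked, key=lambda h: -counts[h])
    unseen = sorted(blocked - seen)
    covered = {h: counts[h] for h in sorted(seen & blocked)}
    return RuleDiff(tuple(to_add), tuple(unseen), covered)


def review(csv_text=SAMPLE_HOSTS_COUNT_CSV, rules_text=SAMPLE_SPY_RULES):
    return compare(parse_hosts_count(csv_text), parse_hosts_rules(rules_text))


if __name__ == "__main__":
    d = review()
    print("candidates to add:", d.to_add)
    print("rules not triggered:", d.unseen)
    print("covered:", d.covered)
```

The script only flags candidates; the triage stays manual. In the constructed sample, download.windowsupdate.com shows up in to_add, but it belongs in update.txt rather than spy.txt, and a rule that did not fire on one day (telecommand.telemetry.microsoft.com here) is not by itself a reason to remove it.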
Download
git clone https://github.com/crazy-max/WindowsSpyBlocker.git
Usage
Source: https://github.com/crazy-max/WindowsSpyBlocker