msh31/sentinel
🛡️ Sentinel

Sentinel is a basic SDK for adding security-related features to your existing application.

What's Ready Now (As of 7/9/25)

  • Intelligent Logging: Colored console output with automatic file audit trails
  • VM Detection Module: Detect whether your software is being run inside a virtual machine or sandboxed environment
  • Persistence Module: Install and uninstall startup- and service-level persistence.
  • Examples: Every component described above ships with a complete example of its usage.

Planned Arsenal

Sentinel is designed to become your complete security research platform:

  • VM Detection - Unmask virtual environments
  • 🔄️ Anti-Debug Evasion - Detect and counter debugging attempts from malicious actors
  • Process Deep Dive - Comprehensive system process analysis and behavioral monitoring
  • Network Intelligence - Advanced network beacon detection and communication analysis
  • Persistence Hunting - Install and uninstall startup & service level persistence mechanisms
  • Authentication - Hardware fingerprinting, license validation, and tamper protection
  • Crypto Helper - Cryptographic utilities including SHA256 hashing, AES encryption, HMAC generation, and base64 encoding/decoding
  • Filesystem Monitor - Realtime directory watching with callbacks for file creation, modification, and deletion events
  • Memory Analyzer - Process memory dumping, pattern scanning, and executable memory detection for dynamic analysis
  • API Monitor - Function hooking framework with callback system for monitoring API calls in target processes
  • Network Monitor - Packet capture, process-specific traffic filtering, and active connection enumeration

Getting Started

Requirements

  • C++ 17+ compatible compiler (MSVC, GCC, or Clang)
  • CMake 3.20 or higher
  • Windows 10 or higher

Building the SDK

git clone https://github.com/msh31/sentinel.git
cd sentinel

# Library Only
cmake -S . -B build
cmake --build build

# Full build
cmake -S . -B build \
  -DBUILD_EXAMPLES=ON \
  -DBUILD_TESTS=ON \
  -DBUILD_VM_DETECTION=ON \
  -DBUILD_ANTI_DEBUG=ON \
  -DBUILD_PROCESS_ANALYSIS=ON \
  -DBUILD_PERSISTENCE=ON \
  -DBUILD_NETWORK_BEACON=ON
cmake --build build

# Specify Modules (wip)
cmake -S . -B build \
  -DBUILD_VM_DETECTION=ON \
  -DBUILD_ANTI_DEBUG=ON \
  -DBUILD_PROCESS_ANALYSIS=ON \
  -DBUILD_PERSISTENCE=ON \
  -DBUILD_NETWORK_BEACON=ON
cmake --build build

# With examples
cmake -S . -B build -DBUILD_EXAMPLES=ON
cmake --build build

# With test programs
cmake -S . -B build -DBUILD_TESTS=ON
cmake --build build
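As an added example (not part of the Sentinel repository), a minimal CMakeLists.txt for an application that pulls the SDK in with FetchContent and enables only the modules it needs, using the BUILD_* options listed above. The link target name `sentinel` and the `main` branch are assumptions; the page does not name either.

```cmake
cmake_minimum_required(VERSION 3.20)   # matches the SDK's stated CMake requirement
project(my_app LANGUAGES CXX)
set(CMAKE_CXX_STANDARD 17)             # the SDK requires a C++17+ compiler
set(CMAKE_CXX_STANDARD_REQUIRED ON)

include(FetchContent)

# Module selection must happen before the SDK is configured. These are the
# options documented in the build section; examples and test programs are
# switched off because a consuming application does not need them.
set(BUILD_EXAMPLES         OFF CACHE BOOL "" FORCE)
set(BUILD_TESTS            OFF CACHE BOOL "" FORCE)
set(BUILD_VM_DETECTION     ON  CACHE BOOL "" FORCE)
set(BUILD_ANTI_DEBUG       ON  CACHE BOOL "" FORCE)
set(BUILD_PROCESS_ANALYSIS OFF CACHE BOOL "" FORCE)
set(BUILD_PERSISTENCE      OFF CACHE BOOL "" FORCE)
set(BUILD_NETWORK_BEACON   OFF CACHE BOOL "" FORCE)

FetchContent_Declare(
  sentinel
  GIT_REPOSITORY https://github.com/msh31/sentinel.git
  # ASSUMPTION: the project publishes no releases, so "main" is used here.
  # Before shipping, replace it with a reviewed commit hash so the
  # dependency cannot change underneath the build.
  GIT_TAG        main
)
FetchContent_MakeAvailable(sentinel)

add_executable(my_app src/main.cpp)
# ASSUMPTION: the SDK's library target is named "sentinel"; confirm the
# actual target name in the SDK's own CMakeLists.txt.
target_link_libraries(my_app PRIVATE sentinel)
```

Configure with `cmake -S . -B build` and build with `cmake --build build`, exactly as for the SDK itself; the selected modules are compiled as part of the application's build tree.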

License

MIT License - see LICENSE for details.

Contributing

This SDK is under active development. The current focus is establishing core utilities before implementing security-specific modules. (Kind of)

About

A Windows security SDK with modular architecture
