python-ransomware.wiki
%title python-ransomware
:work:dev:python:
%date
%update 2023-06-04 00:18

Use a honeypot file to detect active ransomware and dump the process in the hope of finding the key; packaged with InnoSetup.

= Pipeline =
Honeypot file touched/modified -> Sysmon event rule (modified to pass the PID as an argument) -> Task Scheduler -> Python process dump

= Tasks =
Task Scheduler is currently triggered by any Sysmon Event ID 11 rule; it needs to be specific to the ransomware (honeypot) triggers.
* Add a name to the rule, then filter in Python so the dump only fires on that rule name.
Package with InnoSetup.

-----
= Backlinks =

- [[work|Threat Defence]]
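Added example for the rule-name filter noted under Tasks (not code from this note): it parses a Sysmon Event ID 11 record, dumps the writing process only when the named honeypot rule fired against the decoy path, and otherwise ignores the event. It assumes Task Scheduler hands the event XML to the script; the rule name "HoneypotTouched", the decoy path and the sample event are constructed placeholders, and the minidump step is Windows-only.

```python
import ctypes
import xml.etree.ElementTree as ET

NS = "{http://schemas.microsoft.com/win/2004/08/events/event}"
HONEYPOT_RULE = "HoneypotTouched"                         # assumed RuleName in the Sysmon config
HONEYPOT_PATH = r"C:\Users\Public\honeypot\finance.xlsx"  # assumed decoy file

# Constructed sample of a Sysmon FileCreate (Event ID 11) record for the named rule.
SAMPLE_EVENT = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>11</EventID></System>
  <EventData>
    <Data Name="RuleName">HoneypotTouched</Data>
    <Data Name="ProcessId">4242</Data>
    <Data Name="TargetFilename">C:\\Users\\Public\\honeypot\\finance.xlsx</Data>
  </EventData>
</Event>"""


def parse_event(xml_text):
    """Flatten a Sysmon event record into {"EventID": ..., "RuleName": ..., ...}."""
    root = ET.fromstring(xml_text)
    fields = {"EventID": root.findtext(f"{NS}System/{NS}EventID", "")}
    for data in root.iter(f"{NS}Data"):
        fields[data.get("Name")] = data.text or ""
    return fields


def pid_to_dump(event, rule=HONEYPOT_RULE, honeypot=HONEYPOT_PATH):
    """PID of the writer only when our named rule hit the decoy; any other Event ID 11 -> None."""
    if event.get("EventID") != "11" or event.get("RuleName") != rule:
        return None
    if event.get("TargetFilename", "").lower() != honeypot.lower():
        return None
    pid = event.get("ProcessId", "")
    return int(pid) if pid.isdigit() else None


def dump_process(pid, out_path):
    """Full-memory minidump of pid via dbghelp!MiniDumpWriteDump (Windows only)."""
    k32, dbghelp = ctypes.WinDLL("kernel32", use_last_error=True), ctypes.WinDLL("dbghelp")
    k32.OpenProcess.restype = k32.CreateFileW.restype = ctypes.c_void_p
    k32.CloseHandle.argtypes = [ctypes.c_void_p]
    dbghelp.MiniDumpWriteDump.argtypes = [ctypes.c_void_p, ctypes.c_uint32, ctypes.c_void_p, ctypes.c_uint32] + [ctypes.c_void_p] * 3
    hproc = k32.OpenProcess(0x0410, False, pid)  # PROCESS_QUERY_INFORMATION | PROCESS_VM_READ
    if not hproc:
        raise ctypes.WinError(ctypes.get_last_error())
    hfile = k32.CreateFileW(out_path, 0x40000000, 0, None, 2, 0x80, None)  # GENERIC_WRITE, CREATE_ALWAYS
    try:
        return bool(dbghelp.MiniDumpWriteDump(hproc, pid, hfile, 0x2, None, None, None))  # MiniDumpWithFullMemory
    finally:
        k32.CloseHandle(hfile)
        k32.CloseHandle(hproc)
```

Wire it up as `pid = pid_to_dump(parse_event(event_xml))` followed by `dump_process(pid, path)` when `pid` is not None; the filter is what stops every other FileCreate rule from triggering a dump.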