in dev
SentinelCPP
Lightweight EDR agent for Windows written in C++17. It polls the process list every 500 ms through the Toolhelp32 snapshot API, records each process's executable path and parent PID, and applies path-based heuristics to flag masqueraded system binaries, for example an svchost.exe or lsass.exe whose image does not live under System32. Flagged processes are terminated automatically, and every security event is written to a structured incident log at INFO, WARN or CRITICAL severity. Polling at 500 ms can miss processes that start and exit within one interval; ETW-based monitoring, DLL-injection detection and registry-persistence tracking are on the roadmap.
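The path-based masquerade check described above, as an added example that is not SentinelCPP's own code: a portable C++17 heuristic and log formatter exercised on constructed process records, plus a one-pass Toolhelp32 snapshot that compiles only on Windows. The type and function names, the rule table, the SysWOW64 allowance and the key=value log layout are assumptions, not the project's design.

```cpp
// Added example modelled on SentinelCPP's description; not the project's code.
// The heuristic and log format are portable and run on constructed records;
// the Toolhelp32 snapshot compiles only on Windows. All names are assumptions.
#include <algorithm>
#include <cctype>
#include <iostream>
#include <string>
#include <utility>
#include <vector>
#ifdef _WIN32
#undef UNICODE  // use the ANSI Toolhelp32 structures so szExeFile is a char[]
#include <windows.h>
#include <tlhelp32.h>
#endif

enum class Severity { INFO, WARN, CRITICAL };

struct ProcessRecord {
    unsigned long pid, ppid;  // DWORD-compatible
    std::string image;        // basename from the snapshot, e.g. "svchost.exe"
    std::string path;         // full image path, or "" when it could not be read
};

struct Verdict { Severity severity; bool terminate; std::string reason; };

// Windows paths are case-insensitive and accept either separator; normalise before
// comparing so C:\WINDOWS\system32\SVCHOST.EXE does not become a false positive.
static std::string normalize(std::string s) {
    std::replace(s.begin(), s.end(), '/', '\\');
    for (char& c : s) c = static_cast<char>(std::tolower(static_cast<unsigned char>(c)));
    return s;
}

// Image names that must only run from the system directory. svchost.exe also
// legitimately runs from SysWOW64 on 64-bit Windows; lsass.exe does not.
static const std::vector<std::pair<std::string, std::vector<std::string>>> kProtected = {
    {"lsass.exe",   {"c:\\windows\\system32\\"}},
    {"svchost.exe", {"c:\\windows\\system32\\", "c:\\windows\\syswow64\\"}},
};

Verdict evaluate(const ProcessRecord& r) {
    const std::string name = normalize(r.image);
    for (const auto& rule : kProtected) {
        if (name != rule.first) continue;
        if (r.path.empty())  // access denied, or the process exited after the snapshot
            return {Severity::WARN, false, "protected image name but path unreadable"};
        const std::string p = normalize(r.path);
        for (const auto& dir : rule.second)
            if (p.compare(0, dir.size(), dir) == 0) return {Severity::INFO, false, "expected location"};
        return {Severity::CRITICAL, true, "protected image name outside system directory"};
    }
    return {Severity::INFO, false, "no rule matched"};
}

const char* severity_name(Severity s) {
    return s == Severity::INFO ? "INFO" : s == Severity::WARN ? "WARN" : "CRITICAL";
}
// One structured incident-log line (the key=value layout is an assumption).
std::string log_line(const ProcessRecord& r, const Verdict& v) {
    return std::string(severity_name(v.severity)) + " pid=" + std::to_string(r.pid) +
           " ppid=" + std::to_string(r.ppid) + " image=" + r.image + " path=\"" + r.path +
           "\" action=" + (v.terminate ? "terminate" : "none") + " reason=\"" + v.reason + "\"";
}

#ifdef _WIN32
// One Toolhelp32 pass; the path comes from QueryFullProcessImageNameA, which needs only
// PROCESS_QUERY_LIMITED_INFORMATION and so also works for most protected processes.
std::vector<ProcessRecord> snapshot() {
    std::vector<ProcessRecord> out;
    HANDLE snap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (snap == INVALID_HANDLE_VALUE) return out;
    PROCESSENTRY32 pe{}; pe.dwSize = sizeof(pe);
    for (BOOL ok = Process32First(snap, &pe); ok; ok = Process32Next(snap, &pe)) {
        ProcessRecord r{pe.th32ProcessID, pe.th32ParentProcessID, pe.szExeFile, ""};
        if (HANDLE h = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, FALSE, pe.th32ProcessID)) {
            char buf[MAX_PATH]; DWORD len = MAX_PATH;
            if (QueryFullProcessImageNameA(h, 0, buf, &len)) r.path.assign(buf, len);
            CloseHandle(h);
        }
        out.push_back(r);
    }
    CloseHandle(snap);
    return out;
}
#endif

int main() {
#ifdef _WIN32
    std::vector<ProcessRecord> procs = snapshot();  // one pass; the 500 ms loop is omitted
#else
    // Constructed sample records standing in for a snapshot on a non-Windows host.
    std::vector<ProcessRecord> procs = {
        {704, 624, "lsass.exe", "C:\\Windows\\System32\\lsass.exe"},
        {1224, 812, "svchost.exe", "C:\\Windows\\SysWOW64\\svchost.exe"},
        {4412, 3100, "svchost.exe", "C:\\Users\\Public\\svchost.exe"},
        {4420, 4412, "lsass.exe", ""},
    };
#endif
    for (const auto& p : procs) std::cout << log_line(p, evaluate(p)) << '\n';
}
```

Build with `g++ -std=c++17`; on a non-Windows host `main` runs the constructed records and prints one log line each. Two details matter for a path heuristic like this: the comparison must be case- and separator-insensitive, since the reported image path carries whatever casing the process was launched with, and the allowed directories must be per image name, because svchost.exe legitimately runs from SysWOW64 while lsass.exe never does. The rule fires only on the protected name outside its expected directory, so a genuine lsass.exe is never selected for termination (killing it forces a system restart). An unreadable path is logged at WARN rather than treated as clean, since access denied is exactly what a protected or hidden process looks like from user mode.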
C++ · Windows · EDR · Blue Team · Threat Detection · Win32 API
View on GitHub →