About
WindowsSpyBlocker is an application written in Go and delivered as a single executable to block spying and tracking on Windows systems. The initial approach of this application is to capture and analyze network traffic based on a set of tools.
Main window of WindowsSpyBlocker
Configuration file
app.conf is generated at first launch:
Telemetry and data collection
To capture and analyze network traffic for the telemetry option, QEMU virtual machines are used on the server virtualization management platform Proxmox VE based on:
- Windows 10 Pro 64bits with automatic updates enabled.
- Windows 8.1 Pro 64bits with automatic updates enabled.
- Windows 7 SP1 Pro 64bits with automatic updates enabled.
Traffic dumps are cleaned every day and compared with the current rules to add or remove hosts or firewall rules.
Tools used to capture traffic:
All traffic events are available in the logs folder:
- *-hosts-count.csv: number of events per host
- *-unique.csv: first trigger of an event per host / process / destination port
The data folder contains the blocking rules based on domains or IPs detected during the capture process:
- data/<type>/winX/spy.txt: Block Windows Spy / Telemetry
- data/<type>/winX/update.txt: Block Windows Update
- data/<type>/winX/extra.txt: Block third party applications
- DNSCrypt : a protocol for securing communications between a client and a DNS resolver.
- OpenWrt : an open source project used on embedded devices to route network traffic.
- P2P : a plaintext IP data format from PeerGuardian.
- Proxifier : an advanced proxy client on Windows with a flexible rule system.
- simplewall : a simple tool to configure Windows Filtering Platform (WFP).
For more information about data collection, you can read the Telemetry collection page.
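The daily comparison described above, in which hosts seen in the capture logs are checked against the current rules, can be sketched as follows. This is an added example, not WindowsSpyBlocker's own code: the rule-file layout (`0.0.0.0 <host>`), the CSV layout, and the names `parseRules` and `diffRules` are assumptions, and the sample data is constructed.

```go
package main

import (
	"encoding/csv"
	"fmt"
	"sort"
	"strings"
)

const sampleRules = "# constructed\n0.0.0.0 telemetry.example.test\n0.0.0.0 stale.example.test\n" // assumed layout: "0.0.0.0 <host>", "#" comments
const sampleLog = "HOST,COUNT\ntelemetry.example.test,42\nnew-tracker.example.test,7\n"           // constructed; assumed layout: header row, host in first column

// parseRules returns the set of hosts blocked by a hosts-style rule file.
func parseRules(text string) map[string]bool {
	hosts := map[string]bool{}
	for _, line := range strings.Split(text, "\n") {
		if f := strings.Fields(strings.SplitN(line, "#", 2)[0]); len(f) == 2 {
			hosts[strings.ToLower(f[1])] = true
		}
	}
	return hosts
}

// diffRules returns hosts seen in the capture but not blocked (add) and hosts blocked but not seen (stale).
func diffRules(rules map[string]bool, logCSV string) (add, stale []string, err error) {
	rows, err := csv.NewReader(strings.NewReader(logCSV)).ReadAll()
	if err != nil {
		return nil, nil, err
	}
	seen := map[string]bool{}
	for i, r := range rows { // row 0 is the header; add keeps capture order
		if h := strings.ToLower(strings.TrimSpace(r[0])); i > 0 && !seen[h] {
			seen[h] = true
			if !rules[h] {
				add = append(add, h)
			}
		}
	}
	for h := range rules {
		if !seen[h] {
			stale = append(stale, h)
		}
	}
	sort.Strings(stale) // map iteration order is random, so sort for stable output
	return add, stale, nil
}

func main() {
	fmt.Println(diffRules(parseRules(sampleRules), sampleLog))
}
```

A host that is absent from one capture may still be contacted on another day, so the stale list is a set of candidates to review against several dumps rather than rules to delete outright.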