{"id":22954503,"url":"https://github.com/sgabe/symlinkprotect","last_synced_at":"2025-08-13T02:31:51.586Z","repository":{"id":45039088,"uuid":"319779661","full_name":"sgabe/SymlinkProtect","owner":"sgabe","description":"File system minifilter driver for Windows to block symbolic link attacks.","archived":false,"fork":false,"pushed_at":"2020-12-16T15:56:55.000Z","size":49,"stargazers_count":38,"open_issues_count":0,"forks_count":12,"subscribers_count":4,"default_branch":"main","last_synced_at":"2023-02-27T06:55:09.377Z","etag":null,"topics":["kernel-driver","minifilter-driver","mitigation","symlink","windows-10"],"latest_commit_sha":null,"homepage":"","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sgabe.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-12-08T22:44:53.000Z","updated_at":"2022-08-29T16:45:18.000Z","dependencies_parsed_at":"2022-09-14T01:14:06.626Z","dependency_job_id":null,"html_url":"https://github.com/sgabe/SymlinkProtect","commit_stats":null,"previous_names":[],"tags_count":null,"template":null,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sgabe%2FSymlinkProtect","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sgabe%2FSymlinkProtect/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sgabe%2FSymlinkProtect/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sgabe%2FSymlinkProtect/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sgabe","download_url":"https://codeload.github.com/sgabe/SymlinkProtect/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":229724319,"owners_count":18114431,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["kernel-driver","minifilter-driver","mitigation","symlink","windows-10"],"created_at":"2024-12-14T16:18:24.811Z","updated_at":"2024-12-14T16:18:25.425Z","avatar_url":"https://github.com/sgabe.png","language":"C++","funding_links":[],"categories":[],"sub_categories":[],"readme":"# SymlinkProtect\n\nFile system minifilter driver for Windows written in C++ to block symbolic link attacks. It monitors user-mode applications and blocks malicious attempts to set a reparse point on a directory creating a mount point to some suspicious targets like `\\RPC Control`. See [here](https://www.seljan.hu/posts/how-to-mitigate-symbolic-link-attacks-on-windows/) for more information about the inner workings of the driver.\n\n## Usage\n\n1. [Download](https://github.com/sgabe/SymlinkProtect/releases) the latest release or compile the driver.\n2. Right-click on the *SymlinkProtect.inf* file and click on **Install**.\n3. Open an elevated command prompt and enable test signing: \\\n    `bcdedit /set testsigning on`\n4. After reboot, open an elevated command prompt again.\n5. Load the driver with `fltmc.exe` with the *load* option: \\\n    `fltmc load symlinkprotect`\n6. Unload the driver with `fltmc.exe` with the *unload* option: \\\n    `fltmc unload symlinkprotect`\n\n## Demo\n\n![SymlinkProtect in action](SymlinkProtect.png)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsgabe%2Fsymlinkprotect","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsgabe%2Fsymlinkprotect","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsgabe%2Fsymlinkprotect/lists"}