|
2 | 2 |
|
3 | 3 | ## Implementation Plan |
4 | 4 |
|
5 | | -### Phase 1: Core Shell & Sandboxing [✔️] |
6 | | -1. Rust REPL with command parser (clap-based) |
7 | | -2. AppContainer + Job Objects wrapper for child processes |
8 | | -3. Windows CNG integration for crypto primitives |
9 | | -4. Ephemeral memory-mapped storage (PAGE_READWRITE | SEC_COMMIT with encryption) |
| 5 | +* **WFP Firewall** - Declare it but isn't implemented. The network "security" is just status tracking, not actual OS-level blocking. |
| 6 | +* **Sandbox Isolation** - Job Objects work, but is not enforcing filesystem/registry restrictions at the Windows API level. |
| 7 | +* **RFC 3161** - Currently sends HTTP requests but doesn't actually parse RFC 3161 ASN.1 responses. A real TSA would reject your requests when using this shell. It's a good *stub* though, and i plan on fixing such soon |
| 8 | +* **Container Encryption** - Verifys the container exists and has correct permissions, but doesn't actually decrypt or use it. *It's just a file check*. |
| 9 | +* **Plugin Execution** - Install/verify works, but no actual sandboxed execution or API. |
10 | 10 |
|
11 | | -### Phase 2: Authorization & Legal Framework |
12 | | -1. Rules of Engagement consent system with cryptographic signatures |
13 | | -2. Evidence chain-of-custody metadata collection |
14 | | -3. Engagement letter templates and audit trail storage |
15 | | - |
16 | | -### Phase 3: Network Controls & Anonymity |
17 | | -1. WFP (Windows Filtering Platform) firewall integration per tool |
18 | | -2. SOCKS5/Tor routing with kill-switch on anonymization failure |
19 | | -3. WireGuard/OpenVPN management via system drivers |
20 | | - |
21 | | -### Phase 4: Tooling & Plugin System |
22 | | -1. Sandboxed tool execution framework with capability declarations |
23 | | -2. Plugin API with signature verification (Authenticode) |
24 | | -3. Curated tool set: network scanners, forensic parsers, passive collectors |
25 | | - |
26 | | -### Phase 5: Forensics & Evidence Capture |
27 | | -1. VSS-based read-only mounts and forensic copy APIs |
28 | | -2. SHA-256/SHA-3 hashing with signed manifests |
29 | | -3. Tamper-evident log chains (HMAC with append-only storage) |
30 | | - |
31 | | -### Phase 6: Hardware Integration & Updates |
32 | | -1. FIDO2/YubiKey support for auth and container unlocking |
33 | | -2. Signed update mechanism with reproducible build verification |
34 | | -3. Panic wipe for emergency session termination |
35 | | - |
36 | | ---- |
37 | | - |
38 | | -## Cargo.toml Dependencies |
39 | | -``` |
40 | | -[dependencies] |
41 | | -clap = { version = "4.5", features = ["derive"] } |
42 | | -serde = { version = "1.0", features = ["derive"] } |
43 | | -serde_json = "1.0" |
44 | | -sha2 = "0.10" |
45 | | -chrono = { version = "0.4", features = ["serde"] } |
46 | | -uuid = { version = "1.10", features = ["v4", "serde"] } |
47 | | -hex = "0.4" |
48 | | -winapi = { version = "0.3", features = ["jobapi2", "winnt", "securitybaseapi"] } |
49 | | -ring = "0.17" # For cryptographic operations |
50 | | -``` |
| 11 | +All of these will be fixed/completed soon. |
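Review bot: the new bullets land directly under `## Implementation Plan` with no subheading, and the same hunk deletes the phase list and the Cargo.toml block that introduced the features they retract (WFP, RFC 3161, the encrypted container, plugins), so a reader of the new README hits "WFP Firewall - Declare it but isn't implemented" without ever having been told the shell claims one; keep a condensed roadmap (or at least the retracted Phase 1 items) and give the bullets their own `### Known limitations` heading. Two of the bullets also need tightening: the removed `-2. AppContainer + Job Objects wrapper for child processes` was marked done, but the replacement `+* **Sandbox Isolation** - Job Objects work, but is not enforcing filesystem/registry restrictions` only vouches for Job Objects, so state explicitly whether child processes are launched inside an AppContainer at all, since that is the mechanism that would actually confine filesystem and registry access; and in the Container Encryption bullet "Verifys" should be "Verifies" (likewise "i plan" should be "I plan" in the RFC 3161 bullet). Lastly, `+All of these will be fixed/completed soon.` is a weaker commitment than the numbered phases it replaces; if the phases are gone on purpose, say which of the five items is being worked on next.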