BLUESPAWN: An Open-Source, Active Defense & Endpoint Detection and Response (EDR) Software for Windows-based Systems; Understanding the Rise of Cyberweapons as a Key Element of National Security

Smith, Jacob, School of Engineering and Applied Science, University of Virginia
Kwon, Yonghwi, EN-Comp Science Dept, University of Virginia
Elliott, Travis, EN-STS Dept, University of Virginia

Over the past several decades, the world has dramatically shifted to a point where almost everything has some “connected” component. This digital revolution has fundamentally changed nearly every aspect of society. These changes, though, have brought their own new set of challenges. In particular, as we increasingly rely on computers in both our business and personal lives, that dependence presents a potential vulnerability. Criminals abuse this situation simply to make easy money, but cyber operations carried out by nation-states have far greater consequences. Over the last two decades, intelligence and military actors have stolen foreign intellectual property, influenced elections, waged disinformation campaigns, and even disrupted nuclear weapons development. These actions cause wide-ranging effects and should not be taken lightly.

Alongside the growth of cyber operations, an entire $60+ billion-a-year cybersecurity industry has flourished. Professionals study both offensive and defensive tradecraft in pursuit of one goal: stopping breaches. Back when computers were first gaining popularity, the threats were relatively simple - and so were the defenses. Now, though, security teams have constructed elaborate defenses to counter increasingly complex attacks. Unfortunately, for a number of reasons, this defensive software often operates in a “black-box” manner. This approach makes it somewhat more difficult for attackers to identify ways to bypass these protections, yet it also raises the bar for students and other security professionals who want to learn how these crucial tools operate.

This thesis will explore the rise of cyberweapons as a key element of national security from both a technological and a societal point of view. We will study how various countries have employed cyberattacks in different ways to meet their national objectives. In addition, we will detail the creation of an open-source, active defense and EDR tool called BLUESPAWN. This software helps defenders quickly detect, identify, and eliminate malicious activity and malware across a network.

BS (Bachelor of Science)
cybersecurity, endpoint detection and response (EDR), cyber defense, national security, advanced persistent threat (APT)

School of Engineering and Applied Science

Bachelor of Science in Computer Science

Technical Advisor: Yonghwi Kwon

STS Advisor: S. Travis Elliott

Technical Team Members: James McDowell, Calvin Krist, William Mayes

All rights reserved (no additional license for public reuse)
Issued Date: