# ExploitGuard

## Introduction 

Exploit Guard monitors Elixir applications for functions created at runtime via `:erlang.binary_to_term`. This is done with the tracing built into Erlang. It is unusual for functions to be created at runtime, so this can be used as a high quality signal of malicious activity. 

Exploit Guard can be configured in `monitor` or `block` mode:

```
config :exploit_guard,
  mode: :monitor
```

```
config :exploit_guard,
  mode: :block
```

`monitor` - Logger will print an alert-level severity message. No action will be taken, this is the "read only" option.

`block` - The process where the new function was created will be killed, and Logger will print an alert-level severity message.


## Installation

Exploit guard is available in Hex, the package can be installed
by adding `exploit_guard` to your list of dependencies in `mix.exs`:

```elixir
def deps do
  [
    {:exploit_guard, "~> 1.0.0"}
  ]
end
```