# ExploitGuard
## Introduction
Exploit Guard monitors Elixir applications for functions created at runtime via `:erlang.binary_to_term`. This is done with the tracing built into Erlang. It is unusual for functions to be created at runtime, so this can be used as a high quality signal of malicious activity.
Exploit Guard can be configured in `monitor` or `block` mode:
```
config :exploit_guard,
mode: :monitor
```
```
config :exploit_guard,
mode: :block
```
`monitor` - Logger will print an alert-level severity message. No action will be taken, this is the "read only" option.
`block` - The process where the new function was created will be killed, and Logger will print an alert-level severity message.
## Installation
Exploit guard is available in Hex, the package can be installed
by adding `exploit_guard` to your list of dependencies in `mix.exs`:
```elixir
def deps do
[
{:exploit_guard, "~> 1.0.0"}
]
end
```