Sanctum is an experimental proof-of-concept EDR, designed to detect modern malware techniques, above and beyond the capabilities of antivirus. Built in Rust.
Updated Feb 15, 2026 - Rust
endpoint detection / live analysis & sandbox host / signatures quality test
Tool that gathers a customizable set of ETW telemetry and generates user-defined detections
Panoptes Endpoint Detection and Response Solution
A framework and build automation tool to process exploits/payloads to evade antivirus and endpoint detection response products using reusable building-blocks like encryption or obfuscation. Mirrors: https://gitlab.com/0xCCF4/expkit. Create issues and merge requests on GitLab.
Library and command line tool for interacting with Carbon Black environments.
Host-based Endpoint Detection & Response (EDR) proof-of-concept using machine learning and explainable AI for realtime threat monitoring.
Uses the Damerau-Levenshtein distance to find suspicious tasks running on endpoints in Windows.
Collection of scripts for Fidelis CyberSecurity EDR
multi arch os osquery travisci pipeline python virtualenv
Python-based Endpoint Detection and Response (EDR) prototype that monitors system processes, detects suspicious behavior, and generates incident response reports.