Sanctum is an experimental proof-of-concept EDR, designed to detect modern malware techniques, above and beyond the capabilities of antivirus. Built in Rust.

enpoint detection / live analysis & sandbox host / signatures quality test

Panoptes Endpoint Detection and Response Solution

Symantec EDR Internals

A framework and build automation tool to process exploits/payloads to evade antivirus and endpoint detection response products using reusable building-blocks like encryption or obfuscation. Mirrors: https://gitlab.com/0xCCF4/expkit . Create issues and merge request on gitlab.

Library and command line tool for interacting with Carbon Black environments.

Uses the Damerau-Levenshtein distance to find suspicious tasks running on endpoints in Windows.

multi arch os osquery travisci pipeline python virtuenv

Collection of scripts for Fidelis CyberSecurity EDR