Sanctum is an experimental proof-of-concept EDR, designed to detect modern malware techniques, above and beyond the capabilities of antivirus. Built in Rust.

enpoint detection / live analysis & sandbox host / signatures quality test

Panoptes Endpoint Detection and Response Solution

Symantec EDR Internals

A framework and build automation tool to process exploits/payloads to evade antivirus and endpoint detection response products using reusable building-blocks like encryption or obfuscation. Mirrors: https://gitlab.com/0xCCF4/expkit . Create issues and merge request on gitlab.

Library and command line tool for interacting with Carbon Black environments.

Collection of scripts for Fidelis CyberSecurity EDR

multi arch os osquery travisci pipeline python virtuenv

Uses the Damerau-Levenshtein distance to find suspicious tasks running on endpoints in Windows.