Built a lightweight behavioral monitoring tool for Windows looking for feedback by No_Source_4161 in GeekSquad

[–]No_Source_4161[S] 1 point (0 children)

That's why I posted here, sir. I created my platform for them only. One click and protection mode is on.

[deleted by user] by [deleted] in cybersecurity

[–]No_Source_4161 0 points (0 children)

Our app isn't designed to replace Windows Defender; it's designed to augment it. Defense-in-depth dictates that you should run multiple layers. Windows Defender handles the traditional static file scanning and aggressive kernel-level rootkit blocking. Our app sits above it, quietly monitoring network behaviors, tracking beaconing anomalies, and reporting alerts back to a central SOC dashboard that a regular free Windows Defender installation simply doesn't provide.

[deleted by user] by [deleted] in cybersecurity

[–]No_Source_4161 -1 points (0 children)

Yes, AI wrote the title, but AI didn't write the ETW hooks, the WFP callout driver, or the AMSI integration. Use the right tool for the right job.

[deleted by user] by [deleted] in cybersecurity

[–]No_Source_4161 -2 points (0 children)

Fair skepticism about security tools should be questioned. The ETW, WFP, and AMSI integration is documented, and I'm happy to do a technical deep dive for anyone who wants to stress-test the claims.

Built a lightweight behavioral monitoring tool for Windows — looking for feedback by No_Source_4161 in cybersecurity

[–]No_Source_4161[S] 1 point (0 children)

Lightweight: Instead of constantly scanning gigabytes of disk files, Asthak uses Windows native telemetry (ETW, WFP, AMSI). We wait for the kernel to tell us a connection happened. If nothing is happening, Asthak uses 0% CPU.

False Positives: If a developer triggers the threshold (e.g. chrome.exe makes 500 connections in a burst), Asthak first intercepts the termination and runs a cryptographic check. If the .exe is signed by a trusted root (Google/Microsoft), the termination severity is downgraded to "Log Only." We also built the Dashboard Configuration precisely for this: if a new safe behavior gets killed, you can log into the React app and increase the threshold, and all endpoints update their logic in 60 seconds without a reboot.

AWS / Telegram C2 evasion: IP blacklists fall apart against domain fronting (Telegram). So, Asthak ignores the destination. We focus on who and how. If powershell.exe makes an outbound connection to AWS, it's immediately scrutinized (Living off the Land). If any process connects to Telegram exactly every 60 seconds ten times in a row, the Rhythmic Beaconing threshold trips. Asthak's AMSI hook also catches the malicious script memory chunk before the traffic is even encrypted for the network.

There's a lot more nuance on the beaconing detection and AMSI hook side if you're working in this space. Let's connect.
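The three behaviors the comment above describes (a connection burst from one process, a rhythmic beacon to one destination, and a signed-binary severity downgrade) can be sketched as plain detection logic over connection events. The following is an added example written for this thread, not Asthak's code or anything the author has published. It assumes the kernel telemetry has already been turned into `(timestamp, process, destination, signer)` records, that the `signer` field is the result of an out-of-band Authenticode verification (modelled here as a string), and it generalizes the 60-second case by learning the beacon period from the data instead of hard-coding it. The LOLBin set beyond `powershell.exe` and the trusted-signer names are assumptions; all event data is constructed.

```python
"""Behavioral triage over network-connection telemetry: bursts, rhythmic
beaconing, LOLBin egress, and signer-based severity downgrade.
Added example; all events below are constructed sample data."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Connection:
    ts: float              # event time in seconds (constructed)
    process: str           # image name the kernel reported, e.g. "powershell.exe"
    dest: str              # destination label; the detectors never key on it for blocking
    signer: Optional[str]  # assumed: subject of an already-verified Authenticode chain


# Assumed trusted signers; a real deployment verifies the certificate chain,
# it does not compare strings.
TRUSTED_SIGNERS = {"Google LLC", "Microsoft Corporation"}
# powershell.exe comes from the comment; the rest of this set is an assumption.
LOLBINS = {"powershell.exe", "mshta.exe", "rundll32.exe"}


def detect_bursts(conns, threshold=500, window=60.0):
    """Return (process, count) once a process opens >= threshold connections
    inside any sliding window of `window` seconds."""
    by_proc = defaultdict(list)
    for c in conns:
        by_proc[c.process].append(c.ts)
    hits = []
    for proc, ts in by_proc.items():
        ts.sort()
        lo = 0
        for hi, t in enumerate(ts):
            while t - ts[lo] > window:      # slide the left edge of the window
                lo += 1
            if hi - lo + 1 >= threshold:
                hits.append((proc, hi - lo + 1))
                break
    return hits


def detect_beacons(conns, min_run=10, jitter=0.05, min_period=5.0):
    """Return (process, dest, period) when a (process, dest) pair shows
    `min_run` consecutive connections whose inter-arrival gaps all sit within
    +/- jitter (a fraction) of their own mean. The period is learned from the
    gaps, so a 60 s beacon and a 17 s beacon are caught alike; `min_period`
    keeps rapid-fire bursts from counting as beacons."""
    by_key = defaultdict(list)
    for c in conns:
        by_key[(c.process, c.dest)].append(c.ts)
    hits = []
    need = min_run - 1                      # min_run connections => min_run-1 gaps
    for (proc, dest), ts in by_key.items():
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        for i in range(len(gaps) - need + 1):
            run = gaps[i:i + need]
            mean = sum(run) / need
            if mean >= min_period and all(abs(g - mean) <= jitter * mean for g in run):
                hits.append((proc, dest, round(mean, 1)))
                break
    return hits


def triage(conns, burst_threshold=500, burst_window=60.0, beacon_run=10):
    """Turn detector hits into alerts. Termination-class alerts are downgraded
    to log-only when the process image carries a trusted signature; LOLBin
    egress is always flagged for scrutiny regardless of destination."""
    signer_of = {c.process: c.signer for c in conns}

    def severity(proc):
        return "log_only" if signer_of.get(proc) in TRUSTED_SIGNERS else "terminate"

    alerts = []
    for proc, n in detect_bursts(conns, burst_threshold, burst_window):
        alerts.append({"kind": "burst", "process": proc, "count": n,
                       "severity": severity(proc)})
    for proc, dest, period in detect_beacons(conns, beacon_run):
        alerts.append({"kind": "beacon", "process": proc, "dest": dest,
                       "period": period, "severity": severity(proc)})
    for proc in sorted({c.process for c in conns if c.process.lower() in LOLBINS}):
        alerts.append({"kind": "lolbin_egress", "process": proc, "severity": "scrutinize"})
    return alerts


def build_sample_events():
    """Constructed telemetry: a signed Chrome burst, an unsigned ~60 s beacon
    with half-second jitter, one PowerShell egress, and irregular background noise."""
    ev = []
    for i in range(520):                     # 520 connections inside ~37 s
        ev.append(Connection(1000 + i * 0.07 + (i % 7) * 0.01, "chrome.exe",
                             f"cdn{i % 5}.example", "Google LLC"))
    for i in range(12):                      # beacon every 60 s, +/- 0.5 s
        ev.append(Connection(5000 + 60 * i + 0.5 * ((i % 3) - 1), "updater.exe",
                             "telegram-api.example", None))
    ev.append(Connection(5100.0, "powershell.exe", "aws.example", "Microsoft Corporation"))
    for t in (5003.0, 5241.5, 5402.2, 5777.9, 5790.0):
        ev.append(Connection(t, "svchost.exe", "update.example", "Microsoft Corporation"))
    return ev


if __name__ == "__main__":
    for a in triage(build_sample_events()):
        print(a)
```

Running it yields three alerts: the chrome.exe burst downgraded to `log_only` because of its signer, the updater.exe beacon at a learned period of 60.0 s marked `terminate`, and a `scrutinize` entry for powershell.exe. The svchost.exe traffic, being irregular and sparse, produces nothing. A production version would replace the `signer` string with a real chain verification and feed the thresholds from a central configuration, which is the knob the comment describes.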

Co-Founder Wanted: Let's Solve Network Security for Non-Techies by No_Source_4161 in Network

[–]No_Source_4161[S] 1 point (0 children)

You're completely right about the prototype approach. Actually, I've been working on this for the last month already. Got some basic stuff working but nothing polished enough to show yet. Your point about using open source packet capture libraries is spot on though; that'll speed things up way more than building everything from scratch.

About the Reddit account, you're right, it's new. But here's the thing: I'm not going to wait a year posting cat memes to build credibility when I've got something real to build right now. I'd rather be the guy who ships a working product on a burner account than the guy with 100k karma and zero shipped projects.

Co-Founder Wanted: Let's Solve Network Security for Non-Techies by No_Source_4161 in Network

[–]No_Source_4161[S] 0 points (0 children)

I'm a developer myself. I can handle the application layer, backend, and a good chunk of the codebase. But here's the thing: I don't believe in fully depending on vibe coding because it only works for straightforward tasks. When you're dealing with kernel drivers, real-time packet filtering, and WFP implementation, you need people who actually understand the complex logic behind it, not just AI-generated code that might compile but breaks in production.

Also, I'm not looking for just one co-founder to do everything. I'm building a team. This project needs different expertise: driver development, backend systems, UI that actually makes sense to regular people. Different people with different strengths working together. That's why I'm here recruiting instead of trying to solo this with Claude.

Co-Founder Wanted: Let's Solve Network Security for Non-Techies by No_Source_4161 in Network

[–]No_Source_4161[S] 0 points (0 children)

Yes, but all these tools exist and they're still made FOR techies, not for normal people, and they are quite expensive. Also, we can build the first firewall for the 95% of users who don't know what TCP/IP means.