Tool for exploration and tracing of the Windows kernel.
Fibratus
Adversary tradecraft detection, protection, and hunting
Fibratus detects and eradicates advanced attacker tradecraft by scrutinizing and asserting a wide spectrum of system events against a behavior-driven rule engine and YARA memory scanner.
Events can be routed to a wide range of output sinks or written to capture files for local inspection and forensic analysis. With filaments, you can extend Fibratus with your own tooling and tap into the full power of the Python ecosystem.
In a nutshell, the Fibratus mantra is built on three pillars: realtime behavior detection, memory scanning, and forensics.
Installation and Quick start
For installation and quick start instructions, go here.
Contributing
We love contributions. To start contributing to Fibratus, please read our contribution guidelines.
Code Signing Policy
Free code signing provided by SignPath.io, certificate by SignPath Foundation. All releases are automatically signed.
Developed with ❤️ by Nedim Šabić Šabić