Show HN: Open-Source ShadowStrike Phantom EDR/XDR Platform Progress-Post
Category: security
Tags: security, edr-xdr, windows, kernel-driver, malware-analysis
Score: 7.5/10 (Innovation: 8, Technical: 9, Documentation: 7, Utility: 6)
ShadowStrike Phantom is an ambitious, from-scratch, open-source endpoint detection and response (EDR/XDR) platform for Windows, built to compete with commercial solutions like CrowdStrike. It's technically impressive, featuring a custom kernel driver, a full-system emulation engine, and on-device AI/ML models, all with the goal of providing fully auditable security software. The project is notable for its scale (1.5M+ lines of code) and its attempt to create a transparent, verifiable alternative to proprietary black-box security products.
Target audience: devops, security-engineers
Repository: https://github.com/ShadowStrike-Labs/ShadowStrike · C++ · AGPL-3.0 · 16 stars