I'm thrilled to announce Fibratus - a modern tool for Windows kernel tracing and observability, built in Go. Fibratus is the fruit of a lot of development and research during the past two years.
To discover more about Fibratus, head to the documentation site: https://www.fibratus.io
Some prominent features:
blazing fast
collects a wide spectrum of kernel events - from process to network observability signals
powerful filtering engine
running Python code (filaments) on top of the kernel event flow. Fibratus interacts with the low-level CPython API to spin up fully-fledged Python interpreters
capturing the event flow to capture files and replaying it anywhere
transporting events to a wide array of output sinks, including Elasticsearch, RabbitMQ, or console
transforming kernel events
out of the box alerting
scanning processes and files for malicious content with libyara
PE (Portable Executable) introspection