ShadowStrike Phantom: Open-Source EDR Platform
ShadowStrike is developing an open-source Endpoint Detection and Response (EDR) platform called Phantom, which includes advanced malware detection and emulation capabilities powered by AI/ML models.
Why it matters
ShadowStrike's open-source Phantom EDR platform aims to provide advanced malware detection and analysis capabilities powered by AI/ML, which could have a significant impact on the cybersecurity industry.
Key Points
- Phantom Emulator - A special emulation engine for advanced obfuscated malware
- Phantom Cortex - AI/ML models for static, behavioral, network, emulation, and memory analysis
- Phantom Sensor - A custom kernel minifilter driver
- Shared Modules - The core malware hunting engine, orchestrated with the AI/ML agents and the emulation engine
Details
ShadowStrike has been developing the Phantom EDR platform since 2024 and plans to release it in 2027. The platform includes several key components: Phantom Emulator, a specialized engine for analyzing advanced obfuscated malware; Phantom Cortex, which houses various AI/ML models, trained on the EMBER 2018 dataset and on synthetic samples, for static, behavioral, network, emulation, and memory analysis; and Phantom Sensor, a custom kernel minifilter driver. The Shared Modules component is the core malware hunting engine that integrates all of these capabilities. The Phantom EDR and XDR products will use this shared engine with additional specialized features for each tier, while the Home version will have a local user interface. The project is still in active development, and the team is seeking community support through GitHub stars and sponsorships.