Show HN: Azazel – Lightweight eBPF-based malware analysis sandbox using Docker https://ift.tt/dsM3GQn

Show HN: Azazel – Lightweight eBPF-based malware analysis sandbox using Docker Hey HN, I got frustrated with heavy proprietary sandboxes for malware analysis, so I built my own. Azazel is a single static Go binary that attaches 19 eBPF hook points to an isolated Docker container and captures everything a sample does — syscalls, file I/O, network connections, DNS, process trees — as NDJSON. It uses cgroup-based filtering so it only traces the target container, and CO-RE (BTF) so it works across kernel versions without recompilation. It also has built-in heuristics that flag common malware behaviors: exec from /tmp, sensitive file access, ptrace, W+X mmap, kernel module loading, etc. Stack: Go + cilium/ebpf + Docker Compose. Requires Linux 5.8+ with BTF. This is the first release — it's CLI-only for now. A proper dashboard is planned. Contributions welcome, especially around new detection heuristics and additional syscall hooks. https://ift.tt/Ky8VB6Y February 15, 2026 at 12:37AM

Comments

Post a Comment

Popular posts from this blog

Show HN: Agent File (.af) – An open file format for agents https://ift.tt/fzI5HcG

Show HN: Agent File (.af) – An open file format for agents Hi HN - We’re building Agent File (.af), which makes it possible to re-create the exact same agent (including memories, tools, message history, configs, etc.) across different machines. A big difference between LLMs and agents is that agents have associated state: system prompts, editable memory (personality and user information), tool configurations (code and schemas), and LLM/embedding model settings. While you can run the same LLM as someone else by downloading the weights, there’s no “representation” of agents that allows you to re-create an instance of an agent across services. Agent File (.af) is an open standard file format for serializing stateful agents. Originally designed for the Letta framework, .af is a human-readable representation of all the associated state of an agent to reproduce the exact behavior and memories. To demonstrate .af, we also made a few example agents with download links to .af: - MemGPT: An agen...
Read more

Show HN: Repomance: A Tinder style app for GitHub repo discovery https://ift.tt/ePRYjxb

Show HN: Repomance: A Tinder style app for GitHub repo discovery Hi everyone, Repomance is an app for discovering curated and trending repositories. Swipe to star them directly using your GitHub account. It is currently available on iOS, iPadOS, and macOS. I plan to develop an Android version once the app reaches 100 users. Repomance is open source: https://ift.tt/Mqe9zG0 All feedback is welcome, hope you enjoy using it. https://ift.tt/6LGBVdU January 15, 2026 at 12:24AM
Read more