frontpage.

Hey,

I built Saeros because I was frustrated with the current state of Active Directory security in secure/air-gapped environments.

As of today, solutions that detect live threats such as DCSync, Golden Tickets, or Kerberoasting require heavy agents that pipe gigabytes of logs to the cloud (Splunk, CrowdStrike, SentinelOne) or sync your AD to Azure (Defender for Identity). Other alternatives such as OSSEC, Wazuh or Elastic require heavy setup and are very time consuming. Chainsaw and Hayabusa do not support live detections.

For critical infrastructure or disconnected networks, that isn't an option.

What it does: Saeros is a single-binary agent written in C# that runs on domain controllers. It subscribes to Event Tracing for Windows (ETW), matches them against Sigma rules in real-time, and outputs alerts locally through a powerful console.

Key Takeaways:

- User-Mode Only: This does NOT use kernel drivers. It cannot BSOD your domain controller. - Performance Critical: The agent consumes minimal resources while handling tens of thousands events per second. - Read-Only: It does not attempt to block or terminate processes. - Air-Gap Native: It requires zero internet connection.

The code source is located here: https://github.com/Saeros-Security/Saeros. I released this under the AGPL-3.0 license so security teams can audit the code and verify that it only listens and never talks to the outside world.

I’m looking for your feedbacks.

Thanks!

Show HN: MCP to get latest dependency package and tool versions

The better you get at something, the harder it becomes to do

Show HN: WP Float – Archive WordPress blogs to free static hosting

Show HN: I Hacked My Family's Meal Planning with an App

Sony BMG copy protection rootkit scandal

The Future of Systems

NASA now allowing astronauts to bring their smartphones on space missions

Claude Code Is the Inflection Point

Show HN: MicroClaw – Agentic AI Assistant for Telegram, Built in Rust

Show HN: Omni-BLAS – 4x faster matrix multiplication via Monte Carlo sampling

The AI-Ready Software Developer: Conclusion – Same Game, Different Dice

AI Agent Automates Google Stock Analysis from Financial Reports

Voxtral Realtime 4B Pure C Implementation

I Was Trapped in Chinese Mafia Crypto Slavery [video]

U.S. CBP Reported Employee Arrests (FY2020 – FYTD)

Show HN: I built a free UCP checker – see if AI agents can find your store

Show HN: SVGV – A Real-Time Vector Video Format for Budget Hardware

Study of 150 developers shows AI generated code no harder to maintain long term

Spotify now requires premium accounts for developer mode API access

When Albert Einstein Moved to Princeton

Agents.md as a Dark Signal

System time, clocks, and their syncing in macOS

McCLIM and 7GUIs – Part 1: The Counter

So whats the next word, then? Almost-no-math intro to transformer models

Ed Zitron: The Hater's Guide to Microsoft

UK infants ill after drinking contaminated baby formula of Nestle and Danone

Show HN: Android-based audio player for seniors – Homer Audio Player

Starter Template for Ory Kratos

LLMs are powerful, but enterprises are deterministic by nature

Make your iPad 3 a touchscreen for your computer