frontpage.

Hey,

I built Saeros because I was frustrated with the current state of Active Directory security in secure/air-gapped environments.

As of today, solutions that detect live threats such as DCSync, Golden Tickets, or Kerberoasting require heavy agents that pipe gigabytes of logs to the cloud (Splunk, CrowdStrike, SentinelOne) or sync your AD to Azure (Defender for Identity). Other alternatives such as OSSEC, Wazuh or Elastic require heavy setup and are very time consuming. Chainsaw and Hayabusa do not support live detections.

For critical infrastructure or disconnected networks, that isn't an option.

What it does: Saeros is a single-binary agent written in C# that runs on domain controllers. It subscribes to Event Tracing for Windows (ETW), matches them against Sigma rules in real-time, and outputs alerts locally through a powerful console.

Key Takeaways:

- User-Mode Only: This does NOT use kernel drivers. It cannot BSOD your domain controller. - Performance Critical: The agent consumes minimal resources while handling tens of thousands events per second. - Read-Only: It does not attempt to block or terminate processes. - Air-Gap Native: It requires zero internet connection.

The code source is located here: https://github.com/Saeros-Security/Saeros. I released this under the AGPL-3.0 license so security teams can audit the code and verify that it only listens and never talks to the outside world.

I’m looking for your feedbacks.

Thanks!

MS-DOS game copy protection and cracks

Updates on GNU/Hurd progress [video]

Epstein took a photo of his 2015 dinner with Zuckerberg and Musk

MyFlames: Visualize MySQL query execution plans as interactive FlameGraphs

Show HN: LLM of Babel

A modern iperf3 alternative with a live TUI, multi-client server, QUIC support

Famfamfam Silk icons – also with CSS spritesheet

Apple is the only Big Tech company whose capex declined last quarter

Reverse-Engineering Raiders of the Lost Ark for the Atari 2600

Show HN: Deterministic NDJSON audit logs – v1.2 update (structural gaps)

The Greater Copenhagen Region could be your friend's next career move

Do Not Confirm – Fiction by OpenClaw

The Analytical Profile of Peas

Hallucinations in GPT5 – Can models say "I don't know" (June 2025)

What AI is good for, according to developers

OpenAI might pivot to the "most addictive digital friend" or face extinction

Show HN: Know how your SaaS is doing in 30 seconds

ClawdBot Ordered Me Lunch

What the News media thinks about your Indian stock investments

Running Lua on a tiny console from 2001

Google and Microsoft Paying Creators $500K+ to Promote AI Tools

New filtration technology could be game-changer in removal of PFAS

Show HN: I saw this cool navigation reveal, so I made a simple HTML+CSS version

Kinda Surprised by Seadance2's Moderation

I Write Games in C (yes, C)

Django scales. Stop blaming the framework (part 1 of 3)

Malwarebytes Is Now in ChatGPT

Thoughts on the job market in the age of LLMs

Show HN: Stacky – certain block game clone

AIII: A public benchmark for AI narrative and political independence