Looks very interesting, is there a way we can chat about the Software Engineering roles? (my contact info is on my profile)
I have a background working for another Linux cybersecurity EDR using Golang, Python, and TypeScript. A research project I just finished as well - https://www.github.com/recontech404/Kairos
About: I am a Software Engineer with ~3 years of experience specializing in building and deploying Golang and Kubernetes products with a background in cybersecurity and penetration testing.
Recent Activity:
Kairos - eBPF Malware Analysis Framework with eBPF event tracing, LLM analysis, C2, DNS traffic capturing, and encrypted SSL data capture. https://www.github.com/recontech404/Kairos
This looks awesome, I have had numerous issues with large banks messing up account settings/payment so looking forward to this growing. I don't want to clutter up the comments with questions I have about a role here so you should have an email.
I wanted to share a project I have been working on for the last ~3 months, an open source eBPF malware analysis framework called Kairos.
A few key features:
- Automatic capturing of relevant eBPF tracepoints
- LLM analysis of the eBPF events
- C2 traffic capturing
- SSL data capture before encryption using eBPF uprobes
- File-less malware support
- Golang based system
- SQLite DB for portability
- Svelte UI for easy interaction
(demos are available on the repo)
Background:
A few months ago I was curious to see how well an LLM could be used to provide human-readable summaries about malware behavior, and started developing Kairos as I have had some free time having been laid off towards the beginning of the year.
eBPF seemed like the natural path to choose given its monitoring capabilities, but none of the existing eBPF malware analysis projects such as ELFEN were Golang based. So I started learning eBPF and developing a Golang framework for eBPF using AquaSecurity's libbpfgo library. After creating a small test project and hand-feeding the events into an LLM, I was pleasantly surprised at how well the existing LLMs do at providing context and summaries for the eBPF events.
I have also not yet found an analysis system which supports file-less malware such as pyloose, so I built this system to support file-less exploits as well as regular file uploads.
There are also several projects which use mitm network attacks to capture SSL data, but I wanted to see if using eBPF uprobes in the libssl, gnutls, and nss libraries was possible to integrate and it is, so that is supported as well.
OP here and happy to answer any questions about this in the comments.
As you may have also guessed by now, I am still looking for a US remote full-time position (may be open to relocation), so if you or someone you know is looking for a Golang software engineer with a background in cybersecurity and infrastructure please get in touch. My contact details are on my profile.
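As an added example (not code from the Kairos repository or from the poster), the Go program below shows the consumer side of the SSL-uprobe idea described above: it decodes the kind of fixed-layout records an eBPF uprobe on SSL_write/SSL_read would deliver through a ring buffer, and turns them into a per-process plaintext-traffic summary of the sort one would hand to an LLM. The struct layout, the 64-byte capture cap, the process names and the HTTP payloads are all constructed assumptions; the kernel-side uprobe and the libbpfgo loader are not shown, since they need root and a compiled BPF object.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
	"sort"
	"strings"
)

// bufCap is the assumed per-event capture limit: eBPF programs copy a bounded
// prefix of the plaintext, so Len can exceed the bytes actually captured.
const bufCap = 64

// sslEvent mirrors an assumed C struct emitted by an SSL_write/SSL_read uprobe:
//   struct ssl_event { u32 pid; u32 len; char comm[16]; u8 dir; u8 pad[3]; char buf[64]; };
// This layout is constructed for the example, not Kairos' real format.
type sslEvent struct {
	Pid  uint32
	Len  uint32       // full length passed to SSL_write/SSL_read
	Comm [16]byte     // NUL-terminated process name
	Dir  uint8        // 0 = write (plaintext before encryption), 1 = read (after decryption)
	Pad  [3]byte      // alignment padding in the C struct
	Buf  [bufCap]byte // first bufCap bytes of the plaintext
}

// cstr converts a NUL-terminated byte array into a Go string.
func cstr(b []byte) string {
	if i := bytes.IndexByte(b, 0); i >= 0 {
		b = b[:i]
	}
	return string(b)
}

// decodeEvents parses back-to-back little-endian records; a trailing partial
// record (e.g. a ring buffer read cut short) is reported instead of silently dropped.
func decodeEvents(raw []byte) ([]sslEvent, error) {
	r := bytes.NewReader(raw)
	var out []sslEvent
	for r.Len() > 0 {
		var ev sslEvent
		if err := binary.Read(r, binary.LittleEndian, &ev); err != nil {
			if errors.Is(err, io.ErrUnexpectedEOF) {
				return out, fmt.Errorf("truncated record after %d events", len(out))
			}
			return out, err
		}
		out = append(out, ev)
	}
	return out, nil
}

type procStats struct {
	comm      string
	writes    int
	reads     int
	bytesOut  uint64
	truncated int
	requests  []string
}

// summarize aggregates events per PID into a short human-readable report.
func summarize(events []sslEvent) string {
	stats := map[uint32]*procStats{}
	for _, ev := range events {
		s := stats[ev.Pid]
		if s == nil {
			s = &procStats{comm: cstr(ev.Comm[:])}
			stats[ev.Pid] = s
		}
		n := int(ev.Len)
		if n > bufCap { // payload longer than the capture window
			n = bufCap
			s.truncated++
		}
		payload := ev.Buf[:n]
		if ev.Dir == 0 {
			s.writes++
			s.bytesOut += uint64(ev.Len)
			if line := firstLine(payload); isHTTPRequest(line) {
				s.requests = append(s.requests, line)
			}
		} else {
			s.reads++
		}
	}
	pids := make([]uint32, 0, len(stats))
	for pid := range stats {
		pids = append(pids, pid)
	}
	sort.Slice(pids, func(i, j int) bool { return pids[i] < pids[j] })
	var sb strings.Builder
	for _, pid := range pids {
		s := stats[pid]
		fmt.Fprintf(&sb, "pid %d (%s): %d SSL_write calls (%d bytes), %d SSL_read calls",
			pid, s.comm, s.writes, s.bytesOut, s.reads)
		if s.truncated > 0 {
			fmt.Fprintf(&sb, ", %d payloads truncated to %d bytes", s.truncated, bufCap)
		}
		sb.WriteString("\n")
		for _, r := range s.requests {
			fmt.Fprintf(&sb, "  request: %s\n", r)
		}
	}
	return sb.String()
}

func firstLine(b []byte) string {
	if i := bytes.IndexByte(b, '\n'); i >= 0 {
		b = b[:i]
	}
	return strings.TrimRight(string(b), "\r")
}

func isHTTPRequest(line string) bool {
	for _, m := range []string{"GET ", "POST ", "PUT ", "HEAD "} {
		if strings.HasPrefix(line, m) {
			return true
		}
	}
	return false
}

func makeEvent(pid uint32, comm string, dir uint8, payload string) sslEvent {
	ev := sslEvent{Pid: pid, Len: uint32(len(payload)), Dir: dir}
	copy(ev.Comm[:], comm)
	copy(ev.Buf[:], payload) // copy truncates at bufCap like the BPF side would
	return ev
}

// sampleRaw builds a constructed byte stream standing in for a ring buffer read.
func sampleRaw() []byte {
	evs := []sslEvent{
		makeEvent(4242, "curl", 0, "POST /api/checkin HTTP/1.1\r\nHost: example.invalid\r\n\r\n"),
		makeEvent(4242, "curl", 1, "HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok"),
		makeEvent(5151, "python3", 0, "GET /update?id=1 HTTP/1.1\r\nHost: example.invalid\r\n"+strings.Repeat("X-Pad: a\r\n", 5)),
	}
	var buf bytes.Buffer
	for _, ev := range evs {
		binary.Write(&buf, binary.LittleEndian, ev)
	}
	return buf.Bytes()
}

func main() {
	evs, err := decodeEvents(sampleRaw())
	if err != nil {
		fmt.Println("decode error:", err)
	}
	fmt.Print(summarize(evs))
}
```

The summary deliberately reports how many payloads were cut at the capture window, because a truncated SSL_write is easy to mistake for a complete request when the text is later summarized by a model.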