Anubhav Gain is a Security Software Engineer at Infopercept Consulting and CEO at TechAnv Consulting. He builds production-grade security systems in Rust and Go, including Leviathan (Windows kernel EDR), Krustron (Kubernetes platform), and Agni (Firecracker TUI). He has 222+ research citations.

What open-source projects has Anubhav Gain built?

Anubhav Gain has built: Leviathan (Windows kernel-mode EDR/XDR framework in safe Rust), Krustron (open-source Devtron alternative for Kubernetes), Agni (Firecracker microVM TUI in Go), opensearch-rust-sdk (high-performance OpenSearch SDK for Rust), ebpf-file-monitor (Rust inotify eBPF file monitoring), rshell (Rust bind/reverse shell), and the Status enterprise monitoring platform.

What expertise does Anubhav Gain offer?

Anubhav Gain specializes in DevSecOps, XDR/OXDR Platform Architecture, Windows Kernel Security (Ring 0, KMDF, ELAM), eBPF development, Rust and Go programming, Kubernetes platform engineering, GitOps CI/CD, MITRE ATT&CK mapping, Cloud-Native Security, SIEM/EDR implementation, and OpenSearch SDK development.

What is Leviathan by Anubhav Gain?

Leviathan is a production-grade Windows kernel-mode security framework written entirely in safe Rust using Microsoft's windows-drivers-rs (KMDF v1.33). It implements the full EDR/XDR primitive stack at Ring 0 with five kernel callbacks, MITRE ATT&CK mapping across 16 techniques, pool-tag memory forensics, SSDT/IDT/MSR hook scanning, ELAM support, and zero-copy kernel-to-user telemetry streaming.

What companies does Anubhav Gain work with?

Anubhav Gain works as Security Software Engineer at Infopercept Consulting and is the CEO and Founder of TechAnv Consulting. He also contributes to open-source projects under the anubhavg-icpl GitHub organization.

Anubhav Gain

Security Software Engineer · XDR/OXDR Architect · Rust & eBPF · 222+ Research Citations

Tags

/ 2fa ab aboutme access-control access-management active-directory actix-web ad-blocking administration admission-control adr advanced-devops advanced-threats agile ai AI AI Agents AI Development ai-cybersecurity ai-detection ai-integration ai-powered-scoring AI-security ai-threat-detection ai-threat-hunting ai-translation airtable alert-consolidation alert-fatigue alerting Alpine-Linux amd-sev amplitude amtd analysis analytics anomaly-detection ansible api API api-client api-design api-gateway api-management api-security app-control-for-business apparmor apple Apple-Intelligence Apple-security applescript application-security applications applocker APT-attacks apt-detection arch-linux architecture architecture-patterns argocd arm-trustzone asgi assemblyscript astro-ai async Async athena Attack-Mitigation attestation audio auth0 authentication Authentication authorization automated-monitoring automated-response automation autoscaling aws AWS awslambda aya Aya azure azure-ad backend background-services backstage backup Backup bare-metal baseline-analysis bash basics bcc behavioral-analysis behavioral-analytics benchmarking Best Practices best-practices bgp bind-mounts biometric-security blacklist blockchain blog-platforms Blogging blue-green blue-team bluechi bochs borrowing bot-management Bot-Management boto3 bpftrace broadcom browser build build-configuration busybox byzantine c caddy calico canary career Career cdc cdn CDN centos certificate-authority certificates chartmuseum chatbot chatops check_wmi_plus choreography chrome ci-cd CI/CD cicd cilium circuit-breaker cis cis-benchmark cka Claude claude-3-opus claude-code cleanup cli cli-tools clickhouse cloud cloud-native cloud-providers cloud-security Cloud-Storage cloudflare Cloudflare cloudflared cloudrun cluster cluster-deployment cluster-health cluster-management cluster-setup cmd cni cocktails code management code-generation collaboration communication communication-patterns community compensation compliance compliance-automation compliance-reporting compression conference-translation confidential-computing configmaps configuration configuration-management consensus consul container Container Orchestration Container-Architecture container-management container-monitoring container-orchestration container-runtime container-security containerization Containerization containers Containers content-automation content-generation contextual-translation continuous-improvement contract-testing controller controller-manager cookiecutter cooking coredns coreos correlation correlation-rules cors cosmopolitan Cost Optimization cost-optimization Cost-Optimization cpp cqrs crd cri-o cronjob cronjobs cross-account cross-cloud Cross-Platform cryptography csharp css custom linux custom-decoders customization CVE-2025-31200 CVE-2025-31201 cybersec cybersecurity Cybersecurity d1-database D1-Database daemonsets dashboard dashboards data-analytics data-architecture data-channels data-consistency data-fetcher data-governance data-management data-masking data-migration data-pipelines data-prepper data-processing data-protection data-recovery database datasette dba ddos-protection DDoS-Protection debian debugging decoders deepl-voice deepseek-r1 defense defensive-security Demo deno dep deployment Deployment design-patterns desktop-development detection detection-accuracy Developer Tools developer-portal developer-portals development devops DevOps devops-culture devops-journey devsecops DevSecOps devtools devtron diagrams digitalocean disaster-recovery discord discovery disk-encryption disk-provisioning Distributed Systems distributed-security distributed-systems distributed-transactions distro distrobox django dkim dmarc dnf dns docker Docker document-processing documentation domain-administration domain-driven-design dotnet duckdb dx-operational-observability dynamodb ebpf eBPF ec2 ECS edge-computing Edge-Database edge-devices edge-functions edge-security edr elastic-alternative elasticsearch electron elk-stack email email-automation embedded linux embedded-systems encryption endpoint-protection endpoint-security Engineering enterprise Enterprise Enterprise Security enterprise-architecture enterprise-clustering enterprise-governance enterprise-integration enterprise-security environment-variables envoy error-handling etcd ETL eureka event-driven event-driven-architecture event-sourcing event-streaming Example exif exploit-mitigation exploit-prevention exploitation falco Fargate fault-tolerance feature-flags federation fedora fedora-coreos ffmpeg FIDO2 file-integrity file-rule-levels file-transfer filebeat FileVault fips fips-203 firefox firewall fluentbit flux fly forensics full-stack functions fundamentals future-translation gainsaheb Gatekeeper gcp gcs gemini-2.5 general gis git github github-actions gitlab gitops GitOps Global-Distribution gmail go golang google google-authenticator google-cloud google-sheets googlecloud governance gpt gpt-4o gpt3 grafana graph-api graphical interface graphql GraphQL group-policy grpc gui guide hacker-news ham-radio hardening hardware hardware-acceleration hardware-security hashicorp health-probes helm helm-charts heroku high-availability high-risk-security hirte history homebrew homelab hpa hsm html http http3 https httpx hugo hybrid-cloud hybrid-quantum-classical hypothesis-driven iac iam icinga ics identity identity management identity-governance identity-management ignition imagemagick incident-response index index-management indexer industrial-iot industrial-security Infopercept infrastructure Infrastructure infrastructure-as-code ingress insider-threats installation instrumentation integration integration-testing intel-sgx internet interoperability introduction intrusion-detection inventory Invinsense ios iOS-development iOS-security iot isa istio iterators jamstack jasmin java javascript JavaScript jenkins jest jinja jq json jsonpath jupyter jwt JWT k8s kafka kannel kaslr keepalive kernel Kernel kernel-security key-management keycloak KIND kiota kms kprobe kpti kubeadm kubectl kubernetes Kubernetes kubernetes-security kustomize kyber labels lambda language-processing large-language-models lattice-cryptography launchd learning legacy-systems libvirt lightsail lightweight distro linkding linkerd linux Linux linux development linux from scratch linux kernel linux kernel compilation linux system linux-kernel linux-security liveness lkl llm LLM llm-translation llms load-testing Lockdown-Mode log log-analysis log-ingestion log-management log-parsing logging logs low-latency lsm Machine Learning machine-learning machine-translation machinelearning macos macOS macOS-development macOS-security malware malware-analysis malware-detection malware-protection management manifest maps Markdown markdown master-keys mastodon mdm Media-Storage mediawiki memory-management memory-safety mermaid message-queue messaging metrics metrics-server MFA mfa micro-segmentation micromdm microservices Microservices microsoft microsoft-copilot microsoft-graph microsoft-kiota microwindows midjourney migration Migrations minimalistic os minio misc mitigation mitre-attack ml-integration ml-kem mobile-device-management mobile-security monitoring Monitoring morphisec mtls Multi-Agent Systems multi-cloud multi-cluster Multi-Service multi-tenancy multi-tenant multilingual-blogs multimodal-ai multipass musl n8n nagios Namespaces nano-x nats netdata netflix Network network-access network-correlation network-security networking Networking neural-machine-translation neural-networks neuvector nextjs-ai nfs nginx nist-standards no-code node node-affinity node-exporter Node.js nodejs noisy-neighbors nosql notifications npm NSO-group oauth oauth2 OAuth2 object-storage Object-Storage objective-c observability observable observable-plot oci-runtime ocr offensive-security oidc open source open-xdr openai openapi opensearch OpenSearch openssh openssl OpenSSL opentelemetry openvpn operating system operating-systems operators optimization oracle oracle23c orchestration organizational-charts ot-ics overture-maps owasp ownership OXDR p2p P2P package-management packaging packet-capture packet-processing pact pages pagination partitioning passkeys passwordless patterns pbft pdf peer-to-peer Pegasus-protection performance Performance performance-benchmarking performance-optimization permissions persistentvolumeclaims persistentvolumes personalization php pihole pipeline pixelmator pixie pkcs11 PKI pki Platform Development platform-engineering playwright pluggy plugin plugins pmp pod-security podman pods polyglot-persistence post-quantum-cryptography postgresql powershell presenting pricing priority-management privacy-controls privacy-engineering privacy-protection Private-Cloud-Compute process-exporter Process-Supervision processor production Production production-deployment Production-Setup productivity programming project-management prometheus protocols proxy purpleair pyodide pypi pytest python qemu quadlet quadlets quality-assurance quantum-acceleration quantum-ai quantum-algorithms quantum-computing quantum-nlp quantum-resistance quantum-resistant quarto quic r2 R2 r2-storage rabbitmq raft ransomware-defense rate-limiting Rate-Limiting rbac RBAC rdp react readiness readthedocs real-time real-time-analytics real-time-translation red-team reddit reference regulatory-compliance remote-access ReplicaSet repository management resilience resilience4j resource-management resources REST rest-api restore risc-v risk-based-alerting rocky-linux roles rolling-updates rootkit rootless rootless-containers routing rpki rpm-ostree rsyslog rule-engine rule-options rules runtime-protection runtime-security rust Rust s3 s3-compatible S3-Compatible s6-overlay safari safety-critical saga-pattern sandboxed-execution sandboxing scalability sched_ext scheduler scheduling scim screen-sharing sdk-development sdk-generation sdlc seamlessm4t search search-engine seccomp secrets secrets-management secure-boot secure-coding secure-element secure-enclave secure-enclaves security Security Security Platform security-analytics security-architecture security-automation security-commands security-implementation security-monitoring security-orchestration security-patches security-platform security-runtimes security-systems security-testing security-tools security-updates selenium selinux seo seo-optimization server-setup serverless Serverless service mesh service-accounts service-discovery service-mesh service-workers Services shell shell-configuration shell-scripting shellcode shot-scraper siem SIEM signaling sigstore simultaneous-interpretation single-node sinkhole site-speed slack slsa smack smallstep smpp SMS sms-gateway smtp snapshot soar software development software-attestations software-testing spatialite speech-translation spf sphinx spiffe spire spreadsheet spring-boot spyware-protection sql SQL sqlite SQLite squarespace sre ssh ssl SSL/TLS starship static-sites stepca storage storageclass streaming STUN supply-chain-security svg swift sysadmin sysmon System Architecture system services system-administration system-calls system-design system-extension system-integrity system-maintenance system-programming systemd systems-programming tailscale taints targeted-attacks TCC tcp team-collaboration telegram terminal terminal-services terraform tesseract testcontainers testing tetragon textract threading threat-detection threat-hunting threat-intelligence threat-modeling threat-prevention threat-remediation threshold-cryptography tiktok tinyemu tls TLS toast-notifications token-flow tokio Tokio tolerations tomcat tools tpm tracee tracing Traffic-Analysis troubleshooting trusted-execution trusted-execution-environments trusted-publishing tunnel tunneling tunnels turing TURN tutorial twitter typescript ubuntu udp ui uninstallation unisolation unix utilities upgrade uprobes usb-control use-cases user-experience user-monitoring user-session utm-stack valtown vault vega vendor-lock-in version control version-control Video video video-chat vim violation-detection virtualization visualization vmware volumes vpn vpn-replacement vscode vulnerabilities vulnerability vulnerability-analysis vulnerability-detection vulnerability-scanning waf WAF wasi wasm wazuh Wazuh wdac web Web Development web-components web-development web-filtering web-infrastructure web-performance web-security Web-Security web-servers webassembly webauthn WebAuthn webhooks webrtc WebRTC websockets white-labeling wikipedia windows Windows Services windows-10-iot windows-api windows-monitoring windows-security winexe winrt wmi wordpress worker-nodes workers Workers workflow workflow-automation workload-identity xdp XDP XDR xdr xdr-platform xdr-testing xpc xprotect XProtect yaml youtube zeit-now zero-copy zero-day zero-trust zsh ztna

Anubhav Gain#

Security Software Engineer · XDR/OXDR Architect · Rust & eBPF Specialist

Security software engineer and entrepreneur building production-grade security infrastructure at the intersection of systems programming, kernel engineering, and cloud-native architecture. Based in Ahmedabad, Gujarat, India.

Currently: Security Software Engineer at Infopercept Consulting (Invinsense XDR/OXDR platform) and CEO & Founder at TechAnv Consulting. 222+ academic research citations.

Experience#

Security Software Engineer — Infopercept Consulting#

Ahmedabad, Gujarat · July 2024 – Present

Core platform engineer on the Invinsense XDR/OXDR enterprise security platform:

Single-tenant and multi-tenant XDR deployment architecture
Custom OpenSearch Dashboard plugins for threat visualization
Cross-platform Rust agents for telemetry collection and detection
DevSecOps pipelines with automated security testing and shift-left enforcement
Container orchestration with Docker and Kubernetes
SIEM rule authoring, ML anomaly detection, OCSF schema integration

CEO & Founder — TechAnv Consulting#

Vadodara, Gujarat · December 2022 – Present

Enterprise security consulting — XDR/OXDR architecture, Windows kernel driver development, Kubernetes platform engineering, cloud security (AWS, Azure), and zero-trust network design.

techanv.com · contact@techanv.com

DevSecOps Engineer — Atcults#

November 2023 – Present

Automated security testing pipelines, Terraform IaC, security monitoring and incident response automation, Kubernetes containerization and hardening.

IT Specialist — Parul University#

November 2022 – October 2023

Palo Alto Networks firewall management, Red Hat Linux and Windows Server administration, AWS infrastructure, Microsoft Endpoint Configuration Manager.

Core Projects#

Brief summaries — full details on the projects page.

Project	Stack	Description
Leviathan	Rust · Ring 0 · KMDF	Windows kernel EDR/XDR framework — zero unsafe blocks, 5 kernel callbacks, MITRE ATT&CK mapping, ELAM support
Krustron	Go · K8s · GitOps	Open-source Kubernetes platform — unified multi-cluster management, CI/CD, observability, RBAC
Agni	Go · Bubble Tea · KVM	Firecracker microVM terminal UI — launch, configure, inspect, teardown without CLI flags
opensearch-rust-sdk	Rust · Async	High-performance OpenSearch Extensions SDK — async-first, strongly-typed, no JVM
ebpf-file-monitor	Rust · eBPF	File monitoring via inotify API and eBPF with timestamped audit logs

Technical Stack#

Systems Programming

Rust (primary — safe systems, no-std, kernel-mode with windows-drivers-rs)
Go (TUI, Kubernetes operators, REST APIs)
C/C++, Python, Bash, PowerShell

Security Engineering

Windows kernel (Ring 0, KMDF, SSDT/IDT/MSR, 5 kernel callbacks)
EDR/XDR platform development
eBPF (Linux observability and security)
MITRE ATT&CK, OCSF, Wazuh SIEM, YARA

Platform & Infrastructure

Kubernetes (multi-cluster, RBAC, GitOps), Terraform, Ansible, Docker
AWS (EC2, S3, IAM, CloudWatch), Azure, Palo Alto Networks

Data & Observability

OpenSearch (Extensions API, custom analyzers, ingest processors)
Elasticsearch, distributed tracing, metrics pipelines

Education#

Degree / Certification	Institution	Year
B.Tech Cyber/Computer Forensics and Counterterrorism	Parul University	2021–2025
Licentiate Cybersecurity Management (93/100 — High Distinction)	Charles Sturt University	2023
Licentiate Ransomware Techniques	Charles Sturt University	2023
C3SA Premium Edition	—	2024
IBM Cybersecurity Analyst Professional Certificate	IBM	2023
AWS Educate — Getting Started with Security	AWS	2023
Open Source Software Development, Linux and Git Specialization	—	2023
Harvard CS50	Harvard	—
Cisco Networking Basics & Introduction to Cybersecurity	Cisco	—

Industry Engagements#

Organization	Engagement	Focus
JPMorgan Chase & Co.	Data Analyst — Fraud Detection	Financial payment fraud analysis, prevention strategy
PwC	Cybersecurity	Phishing simulation, integrated information defense
AIG	Zero-day Response	Ransomware bypass techniques and mitigation
Clifford Chance	ICO Regulatory Compliance	Data leak damages claims, regulatory framework

Research#

222+ citations on Google Scholar — EEG-based emotion recognition (LSTM networks), cybersecurity automation, kernel security, and defense mechanisms.

Google Scholar Profile

Online#

Building robust, scalable defenses — one line of Rust at a time.

Newsletter