Anubhav Gain

Security Software Engineer · XDR/OXDR Architect · Rust & eBPF · 222+ Research Citations

Tags

/ 2fa ab access-control access-management admission-control adr advanced-devops agile ai-cybersecurity ai-integration ai-translation alerting amd-sev amplitude amtd analytics anomaly-detection ansible api api-client api-design api-gateway api-management app-control-for-business apparmor apple applescript application-security applications applocker arch-linux architecture architecture-patterns argocd arm-trustzone asgi astro-ai athena auth0 authentication authorization automation autoscaling aws awslambda aya azure azure-ad backend background-services backstage backup bare-metal bash basics bcc behavioral-analytics benchmarking Best Practices best-practices bind-mounts blacklist blockchain blog-platforms Blogging blue-green blue-team bluechi bochs bot-management boto3 bpftrace broadcom browser busybox byzantine caddy calico canary career cdc centos certificate-authority certificates chartmuseum check_wmi_plus chrome ci-cd cicd cilium circuit-breaker cis cis-benchmark cka claude-3-opus claude-code cleanup cli cli-tools clickhouse cloud cloud-native cloud-security cloudflare cloudflared cloudrun cluster cluster-deployment cluster-management cluster-setup cni cocktails code management code-generation collaboration communication community compliance conference-translation confidential-computing configmaps configuration configuration-management consensus container Container Orchestration container-management container-orchestration container-runtime container-security containerization Containerization containers Containers content-automation contextual-translation continuous-improvement controller cookiecutter cooking coredns coreos cors cosmopolitan cost-optimization cqrs crd cri-o cronjob cronjobs cross-account cryptography csharp css custom linux customization cybersec cybersecurity d1-database daemonsets dashboards data-analytics data-architecture data-consistency data-fetcher data-governance data-management data-masking data-migration data-recovery database datasette dba ddos-protection debian debugging deepl-voice deepseek-r1 defense defensive-security Demo deno dep deployment Deployment design-patterns developer-portal developer-portals development devops DevOps devops-culture devops-journey devsecops devtools devtron digitalocean discord discovery distributed-systems distro distrobox django dnf dns docker Docker documentation domain-driven-design dotnet duckdb dx-operational-observability dynamodb ebpf ec2 edge-computing edr elasticsearch electron elk-stack embedded linux encryption endpoint-security enterprise Enterprise Security enterprise-architecture enterprise-integration environment-variables etcd event-driven event-driven-architecture event-sourcing Example exif exploit-prevention exploitation falco fault-tolerance feature-flags fedora fedora-coreos file-rule-levels fips firefox fluentbit fly full-stack functions fundamentals future-translation gainsaheb gcp gemini-2.5 general gis git github github-actions gitlab gitops go golang google google-authenticator google-sheets googlecloud governance gpt-4o gpt3 grafana graph-api graphical interface graphql grpc gui guide hacker-news ham-radio hardening hardware-security hashicorp health-probes helm helm-charts heroku high-availability hirte history homebrew hpa hsm html http httpx hugo hybrid-quantum-classical iac iam icinga ics identity identity management ignition imagemagick index Infopercept infrastructure ingress installation instrumentation intel-sgx internet introduction inventory Invinsense ios istio iterators jasmin java javascript jenkins jinja jq json jsonpath jupyter k8s kafka kannel kaslr kernel key-management KIND kiota kms kprobe kpti kubeadm kubectl kubernetes Kubernetes kubernetes-security labels lambda language-processing large-language-models launchd learning legacy-systems libvirt lightsail lightweight distro linkding linux linux development linux from scratch linux kernel linux kernel compilation linux system linux-kernel liveness lkl llm-translation llms log-management logging low-latency lsm machine-learning machine-translation machinelearning macos macOS malware maps Markdown markdown master-keys mastodon mdm mediawiki mermaid metrics metrics-server micromdm microservices Microservices microsoft microsoft-graph microsoft-kiota microwindows midjourney migration minimalistic os minio mitigation mobile-device-management monitoring morphisec mtls multi-tenancy multi-tenant multilingual-blogs multimodal-ai multipass musl Namespaces nano-x nats netdata netflix network-security networking Networking neural-machine-translation neural-networks nextjs-ai nfs nginx node-affinity node-exporter Node.js nodejs noisy-neighbors oauth object-storage objective-c observability oci-runtime ocr open source openapi opensearch openssl OpenSSL opentelemetry openvpn operating system operating-systems operators optimization oracle oracle23c orchestration OXDR package-management packaging packet-capture pagination partitioning patterns pbft pdf performance permissions persistentvolumeclaims persistentvolumes personalization php pixie pkcs11 PKI pki Platform Development platform-engineering podman pods polyglot-persistence post-quantum-cryptography postgresql powershell pricing process-exporter production productivity programming prometheus protocols python qemu quadlet quadlets quality-assurance quantum-acceleration quantum-ai quantum-algorithms quantum-computing quantum-nlp r2-storage raft rate-limiting rbac readiness real-time-analytics real-time-translation reference remote-access ReplicaSet repository management resilience resilience4j resource-management resources restore rocky-linux roles rolling-updates rootkit rootless rootless-containers rpm-ostree rsyslog rule-options runtime-protection runtime-security rust s3 s3-compatible safari safety-critical scalability sched_ext scheduler scheduling sdk-development sdk-generation seamlessm4t search seccomp secrets secrets-management secure-coding secure-element secure-enclaves security security-automation security-tools selinux seo-optimization server-setup serverless service mesh service-accounts service-mesh Services shell shell-configuration shell-scripting siem simultaneous-interpretation single-node smack smallstep smpp sms-gateway speech-translation spiffe spire spring-boot sqlite sre ssh ssl SSL/TLS starship stepca storage storageclass streaming swift system-administration system-design system-extension system-maintenance systemd systems-programming taints terminal terraform testing tetragon textract threading threat-detection threat-hunting threat-intelligence threshold-cryptography tinyemu tls TLS tolerations tomcat tools tpm tracee tracing troubleshooting trusted-execution-environments tunnel tunnels turing tutorial typescript ubuntu ui uninstallation unix utilities upgrade uprobes usb-control user-session vault version control version-control Video virtualization visualization volumes vpn vpn-replacement vulnerabilities vulnerability vulnerability-analysis vulnerability-scanning waf wasi wasm wazuh wdac web Web Development web-development web-filtering web-infrastructure web-security webassembly webrtc websockets windows windows-security wmi worker-nodes workers xdp XDR xdr xpc xprotect yaml zero-trust zsh

Projects#

A collection of open-source tools spanning kernel security, platform engineering, and systems programming.

Security & Kernel#

Leviathan #

Windows kernel-mode EDR/XDR framework written entirely in safe Rust (Ring 0, KMDF). Features five kernel callbacks, MITRE ATT&CK-mapped detection, pool-tag forensics, SSDT/IDT hook scanning, and zero-copy telemetry streaming.

Rust Ring 0 KMDF Windows EDR

ebpf-file-monitor #

High-performance file monitoring on Linux using eBPF and inotify with timestamped logs and kernel-userspace communication in safe Rust.

Rust eBPF inotify Linux

rshell #

Multithreaded bind and reverse shell for authorized penetration testing and security research. Netcat-compatible with configurable ports.

Rust Networking Pentesting

ocsf-rust-crawler #

Async crawler for the Open Cybersecurity Schema Framework (OCSF) JSON API. Fetches, archives, and timestamps schema responses.

Rust OCSF async serde

Platform & Infrastructure#

Krustron #

Unified Kubernetes platform engineering tool — an open-source Devtron alternative. Multi-cluster management, GitOps CI/CD, integrated observability, and RBAC in a single operator platform.

Go Kubernetes GitOps Multi-cluster

Agni #

Interactive TUI for managing Firecracker microVMs, built on Bubble Tea. Launch, configure, inspect, and tear down microVMs for dev, CI, and edge compute workloads.

Go Bubble Tea Firecracker KVM

opensearch-rust-sdk #

Async-first, strongly-typed Rust SDK for the OpenSearch Extensions API. Build custom search pipelines and ingest processors without JVM overhead.

Rust async OpenSearch No JVM

status #

Self-hosted enterprise status page with health checks, incident lifecycle management, uptime reporting, and webhook/email notifications. Alternative to Atlassian Statuspage.

Go Self-hosted Webhooks

Developer Tools#

vibe #

Curated library of AI system prompts and chat modes for engineering workflows — backend architecture, threat modeling, code review, and DevOps. Compatible with Claude, GPT-4, and others.

AI Prompts LLM

Minimal Linux Image #

A ~5MB x86_64 Linux image built from source — custom kernel, Busybox, tiny initramfs, and Syslinux bootloader. Reference for embedded and container hosts.

Linux Busybox x86_64

r-logger #

Lightweight Rust logging utility for tracking user activities and queries in complex applications. Minimal dependencies.

Rust Logging

GitHub#

mranv — personal: Rust, eBPF, security tools
anubhavg-icpl — org: Leviathan, Krustron, Agni

Newsletter

Projects#

Security & Kernel#

Platform & Infrastructure#

Developer Tools#

GitHub#