Transparent endpoint security
Features
- Block and detect advanced attacks
- Modern audited cryptography: RustCrypto for hashing and encryption
- Highly compatible: Development focused on all platforms (incl. legacy) and architectures
- Source available: Audits welcome
- Reviewed by security researchers with combined 100+ years of experience
In Action
- Video demonstration of detection and prevention capabilities
- Testing WhiteBeam against zeroday exploits
- Recorded attacks against the WhiteBeam honeypot
Installation
From Packages (Linux)
Distro-specific packages have not been released yet for WhiteBeam, check again soon!
From Releases (Linux)
- Download the latest release
- Ensure the release file hash matches the official hashes (How-to)
- Install:
./whitebeam-installer install
From Source (Linux)
- Run tests (Optional):
cargo run test
- Compile:
cargo run build
- Install WhiteBeam:
cargo run install
Quick start
- Become root (
sudo su
/su root
) - Set a recovery secret. You'll be able to use this with
whitebeam --auth
to make changes to the system:whitebeam --setting RecoverySecret mask
How to Detect Attacks with WhiteBeam
Multiple guides are provided depending on your preference. Contact us so we can help you integrate WhiteBeam with your environment.
- Serverless guide, for passive review
- osquery Fleet setup guide, for passive review
- WhiteBeam Server setup guide, for active response
How to Prevent Attacks with WhiteBeam
WhiteBeam is experimental software. Contact us for assistance safely implementing it.
- Become root (
sudo su
/su root
) - Review the baseline at least 24 hours after installing WhiteBeam:
whitebeam --baseline
- Add trusted behavior to the whitelist, following the whitelisting guide
- Enable WhiteBeam prevention:
whitebeam --setting Prevention true