Transparent endpoint security
- Block and detect advanced attacks
- Modern audited cryptography: RustCrypto for hashing and encryption
- Highly compatible: Development focused on all platforms (incl. legacy) and architectures
- Source available: Audits welcome
- Reviewed by security researchers with combined 100+ years of experience
- Video demonstration of detection and prevention capabilities
- Testing WhiteBeam against zeroday exploits
- Recorded attacks against the WhiteBeam honeypot
WhiteBeam is currently unavailable for installation due to backwards-incompatible security enhancements for 0.3. Check back soon!
Distro-specific packages have not been released yet for WhiteBeam, check again soon!
- Download the latest release
- Ensure the release file hash matches the official hashes (How-to)
- Install:
./whitebeam-installer install
- Run tests (Optional):
cargo run test
- Compile:
cargo run build
- Install WhiteBeam:
cargo run install
- Become root (
sudo su/su root) - Set a recovery secret:
whitebeam --setting RecoverySecret mask. After setting the recovery secret, you can runwhitebeam --authto make changes to the system.
Multiple guides are provided depending on your preference. Contact us so we can help you integrate WhiteBeam with your environment.
- Serverless guide, for passive review
- osquery Fleet setup guide, for passive review
- WhiteBeam Server setup guide, for active response
ℹ️ WhiteBeam is experimental software. Contact us for assistance safely implementing it.
- Become root (
sudo su/su root) - Review the baseline at least 24 hours after installing WhiteBeam:
whitebeam --baseline
- Add trusted behavior to the whitelist, following the whitelisting guide
- Enable WhiteBeam prevention:
whitebeam --setting Prevention true