SNF
Offline passive NDR for air-gapped networks. Written in Rust
1 follower
Offline passive NDR for air-gapped networks. Written in Rust
1 follower
SNF (Shadow Network Fingerprinting) is a passive NDR engine for air-gapped environments: defense networks, nuclear infrastructure, ICS, and classified SOCs. It fingerprints TLS via JA3/JA4, detects C2 beacons, DGA domains, DNS tunnels, and full ICS/SCADA protocol abuse. Zero network calls. Ever. Not a setting. Architecture. Output is deterministic NDJSON with SHA-256 verification and court-admissible evidence bundles. Open-core layer Apache 2.0. Full intelligence engine proprietary.
