PURPLE + BLUE TEAM AUTOMATION · PATENT PENDING

Proof your defenses actually work.

ByTE X Bit Technologies builds an integrated security automation platform that emulates attacks, watches and contains them, tracks detection coverage over time, and signs the whole thing into a verifiable trust score — turning everyday security activity into evidence, not guesswork.

Four engines, one platform: PILA · CODE · GHOST · SENTINEL — open core, Apache 2.0.

  • 4 integrated products
  • 6 detection connectors
  • 51,012 rules monitored hourly
  • ATT&CK mapped throughout

// THE PLATFORM

One platform that closes the loop between offense, defense, and proof.

Most tools generate more data. This one generates evidence. Purple-team exercises feed blue-team operations, coverage is tracked as it drifts, and every result rolls up into a single, defensible posture score your leadership can actually read.

▣ WHAT IT IS

  • A purple-team execution & scoring platform (PILA)
  • A blue-team operations engine — rule health, alert enrichment, containment (CODE)
  • A detection-coverage regression tracker over time (GHOST)
  • A cryptographic evidence & trust score for security posture (SENTINEL)

▣ WHAT IT IS NOT

  • Not a SIEM — it works alongside yours (Elastic, Splunk, Wazuh)
  • Not an EDR or antivirus
  • Not a firewall or an attack tool for unauthorized use
  • Not a vulnerability scanner — it measures whether detections fire, not what's unpatched
// FOUR ENGINES, ONE SYSTEM

Purpose-built security products that work better together.

Each product stands on its own and shares one data backbone — what PILA emulates, GHOST tracks; what CODE contains, EVIDENCE records; and SENTINEL turns all of it into a score.

PILA · PURPLE TEAM
Purple Intelligence & Lifecycle Automation
Run, emulate, and score purple-team exercises against your live detection stack. Quantifies effectiveness on a 0–100 scale and a Defense Maturity Tier.
PSIL · LMEP · IRV · AESP
LIVE

CODE · BLUE TEAM
Collective Operational Defense Engine
Blue-team operations: monitor detection-rule health hourly, enrich every alert with threat intel, rank containment actions, and chain IR evidence.
DRIFT · OBSERVER · CHAIN · EVIDENCE
LIVE

GHOST · COVERAGE
Gap Heatmap & Operational Simulation Tracker
Tracks ATT&CK detection coverage as it drifts over time. Computes a Detection Debt Score and a Coverage Maturity Level for board-level reporting.
COVERAGE STATES · REGRESSION ALERTS · DDS / CML
LIVE

SENTINEL · RISK & TRUST
Security Evidence & Network Threat Intelligence
Turns validation evidence into a cryptographically-attested trust score. Append-only evidence ledger, SHA-256 chain of custody, letter-grade trust ratings.
SENTINEL SCORE · EVIDENCE LEDGER · TRUST RATINGS
LIVE

// PILA SUITE — DEEP DIVE

The purple-team lifecycle, automated end to end.

From documenting an engagement to emulating the technique, validating remediation, and scoring the result — PILA runs the full loop against real Elasticsearch, Suricata, Zeek, Wazuh, Sysmon, and Splunk telemetry.

PSIL · Purple Structured Intelligence Language · ENGAGEMENTS
Structured, version-controllable engagement documents with ATT&CK mappings, TLP markings, and machine-readable scenario capture. 5 engagements persisted.

LMEP · Lateral Movement Emulation Proxy · EMULATION
Behavioral technique emulation correlated live against your detection stack — find the gaps before an adversary does. 8 techniques, SYNTHETIC/PASSIVE modes.

IRV · Incident Remediation Validator · VALIDATION
Confirms hosts are actually clean after remediation, against live ES data, and produces timestamped evidence bundles for sign-off. 7 incident types.

AESP · Attack Effectiveness Scoring Platform · SCORING
Quantitative Effectiveness Score (0–100) and Defense Maturity Tier (DMT-1 to DMT-5) across detection efficacy, response speed, prevention, coverage, and remediation. Patent pending.

// CODE SUITE — DEEP DIVE

Blue-team operations, watching your detections in real time.

CODE keeps the defensive side honest — it watches whether your detection rules are still alive, enriches every alert with threat intelligence, ranks the smartest containment action, and seals incident evidence into a tamper-evident chain.

DRIFT · Detection Rule Integrity & Field Telemetry Monitor · RULE HEALTH
Scans every detection rule hourly and classifies each as healthy, degraded, or dead — so a silently-broken rule never leaves you blind. 51,012 rules monitored hourly.

OBSERVER · Operational Behavior Surveillance & Event Response · ENRICHMENT
A five-stage enrichment pipeline that adds threat-intel reputation, ASN/geo, ATT&CK technique tags, and live rule-health to every alert. AbuseIPDB + VirusTotal feeds.

CHAIN · Containment Heuristics & Attack Interruption Network · CONTAINMENT
Scores candidate containment actions before you act, using a kill-chain progression graph weighted by your own emulation history. Patent pending.

EVIDENCE · Event Verification & Digital Evidence Network · CHAIN OF CUSTODY
An append-only, SHA-256-chained ledger for incident artifacts — defensible chain of custody that maps directly to regulatory requirements. Feeds SENTINEL.

// GHOST — DEEP DIVE

Detection coverage you can track as it drifts.

Coverage isn't a one-time audit — it decays as rules break, infrastructure changes, and adversaries evolve. GHOST tracks your ATT&CK coverage over time, scores the gap, and tells leadership exactly where the holes are opening.

DDS · Detection Debt Score · SCORING
A single 0–100 score for how much detection coverage you’ve lost or never had — the “technical debt” of your defenses, quantified. Patent pending.

CML · Coverage Maturity Level · MATURITY
A board-readable maturity tier (CML-1 to CML-5) summarizing how complete and reliable your ATT&CK coverage is. Mapped to MITRE ATT&CK.

COVERAGE STATES · Technique Coverage Tracking · HEATMAP
A live per-technique heatmap of what you can detect, what’s partial, and what’s blind — fed automatically from PILA exercises and CODE rule health.

REGRESSION ALERTS · Coverage Regression Detection · ALERTING
Fires the moment coverage you previously had disappears — catching the silent regressions that turn a green dashboard into a false sense of security.

// SENTINEL — DEEP DIVE

One trust score, backed by cryptographic evidence.

SENTINEL is where it all comes together — it turns the results from PILA, CODE, and GHOST into a single, defensible posture score, with every input recorded as signed evidence so the number is provable, not just asserted.

SENTINEL SCORE · Posture Trust Rating · SCORING
A single posture score with letter-grade trust ratings, built from adversarial validation, incident-response fidelity, and continuous posture signals. Patent pending.

EVIDENCE LEDGER · Cryptographic Attestation · ATTESTATION
Every score input is recorded as SHA-256-attested evidence in an append-only ledger — so your security claims can be independently verified, not just trusted. Chain of custody intact.

DECAY MODEL · Per-Category Evidence Decay · FRESHNESS
Evidence ages out at category-specific rates, so a score earned six months ago doesn’t mask today’s reality — your rating always reflects current posture. Patent pending.

TRUST RATINGS · Vendor & Posture Grades · REPORTING
Translates the score into clear letter grades for procurement, audits, and executive reporting — the kind of credential a vendor could show a customer.

// OPEN CORE MODEL

Open source you can run today. Professional power when you need it.

The community edition is fully open source under Apache 2.0 — clone it and run it, no license key required. Professional unlocks the full automation and live-correlation engines.

Community FREE · APACHE 2.0

Everything you need to evaluate the platform from a clean git clone.

  • PSIL engagement documentation
  • Basic AESP effectiveness scoring
  • GHOST & SENTINEL read-only dashboards
  • Full API read access

Professional $149 / MONTH

The full platform — every engine, live detection correlation, all four products.

  • Full PILA (LMEP, IRV, AESP) + all CODE modules
  • GHOST sync & regression detection
  • SENTINEL evidence submission & attestation
  • Live ATT&CK heatmap, API write, ES integration
// PRICING

One platform. Four products. Simple tiers.

Every paid tier includes all four products — PILA, CODE, GHOST, and SENTINEL — as one bundle. Start free, upgrade when you're ready.

COMMUNITY
Free
Open source, Apache 2.0. No key required.
  • PSIL + basic AESP scoring
  • GHOST / SENTINEL read-only
  • API read access
  • Self-hosted
PROFESSIONAL
$149/mo
The full platform — all four products, every engine.
  • Everything in Community
  • Full PILA + CODE modules
  • GHOST sync + regression
  • SENTINEL evidence + live correlation
TEAM
$399/mo
For teams that need collaboration and history.
  • Everything in Professional
  • Multi-user access
  • Engagement history export
  • Priority support
ENTERPRISE
Custom
On-prem, MSSP multi-tenant, white-label.
  • Everything in Team
  • On-prem / air-gapped
  • Custom TTP library + SLA
  • Multi-tenant MSSP mode
// THE COMPANY

Built by a practitioner, in a real SOC.

ByTE X Bit Technologies LLC is an independent cybersecurity software company. The platform was designed and built in a production home-lab SOC running real detection tooling — Elasticsearch, Suricata, Zeek, Wazuh, Sysmon, and Splunk — not mocked up in a slide deck.

Every product is battle-tested against live attack traffic and real ATT&CK-mapped detections before it ships. The result is security automation built the way a defender actually works: evidence first, claims second.

The proprietary scoring and detection engines are protected; the community core is fully open under Apache 2.0 so you can verify and extend it yourself.

ENTITY: ByTE X Bit Technologies LLC
FORMATION: Maryland, USA
MODEL: Open core · Apache 2.0
IP: Patent pending
REPOSITORY: github.com/nonducorduco311-cyber

Ready to see proof your defenses work?

Clone the open-source community edition today, or get in touch for Professional access and a walkthrough of the full platform.