Syd – An offline-first, AI-augmented workstation for blue teams
Hacker News (score: 16)
Description
Here's a demo: https://www.youtube.com/watch?v=8dQV3JbLrRE.
I built this because while tools like YARA are powerful, managing rule sets and decoding hex strings is slow. AI is great at explaining malware signatures, but I couldn't use ChatGPT for my work because pasting potential malware or sensitive logs into a web form is a massive security risk. I needed the intelligence of an LLM but with the privacy of an air-gapped machine.
Under the hood, it’s built on Python 3. I use subprocess to manage the heavy lifting of the scanning engines so the UI (built with CustomTkinter) doesn't freeze. The "secret sauce" isn't the AI itself, but the parser I wrote that converts the unstructured text output from YARA into a structured JSON format that the local LLM can actually understand and reason about.
I’ve been using it to triage files for my own learning. In one case, Syd flagged a file matching a "SilentBanker" rule and the AI pointed out specific API calls for keylogging, saving me about 20 minutes of manual hex-editing. In the demo video linked, you can see this workflow: scanning a directory, hitting on a custom YARA rule, and having the local AI immediately analyze the strings.
Through this process, I learned that "AI wrappers" are easy, but AI orchestration is hard—getting the tools to output clean data for the LLM is the real challenge. I'd love to hear if there are other static analysis tools (like PEStudio or Capa) you consider essential for a workstation like this, or how you currently handle the privacy risk of using AI for log analysis.
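The YARA-to-JSON step described above, as an added example that is not Syd's code or the author's parser. It assumes the plain `yara -s` text layout (a `rule path` line followed by `0x<offset>:$<id>: <data>` lines); the sample output, rule names, paths and the `scan` helper are constructed for illustration.

```python
import json
import re
import subprocess

# Constructed sample of `yara -s` output (rule names, paths and strings are made up).
SAMPLE_OUTPUT = """\
SilentBanker /samples/drop 1.bin
0x1f40:$api1: GetAsyncKeyState
0x2a10:$api2: SetWindowsHookExA
0x2a80:$api1: GetAsyncKeyState
Packed_UPX /samples/tool.exe
0x3e0:$upx: UPX!
"""

# A matched-string line looks like "0x<offset>:$<identifier>: <data>".
STRING_LINE = re.compile(r"^0x([0-9a-fA-F]+):(\$\w*): ?(.*)$")

def parse_yara_output(text):
    """Turn `yara -s` text output into a list of match records."""
    matches = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = STRING_LINE.match(line)
        if m:
            if matches:  # ignore a string line that has no rule line before it
                matches[-1]["strings"].append({
                    "offset": int(m.group(1), 16),
                    "identifier": m.group(2),
                    "data": m.group(3),
                })
            continue
        # Rule identifiers cannot contain spaces, so the first space separates
        # the rule name from the file path (which may itself contain spaces).
        rule, _, path = line.partition(" ")
        matches.append({"rule": rule, "file": path, "strings": []})
    return matches

def scan(rules_path, target):
    """Run the yara CLI in a child process and return structured matches."""
    proc = subprocess.run(["yara", "-s", "-r", rules_path, target],
                          capture_output=True, text=True, errors="replace",
                          timeout=300)
    return parse_yara_output(proc.stdout)

if __name__ == "__main__":
    print(json.dumps(parse_yara_output(SAMPLE_OUTPUT), indent=2))
```

The `data` fields are bytes taken from the scanned file, so pass them to the model as quoted data rather than as instructions.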