We do not replace your scanners, your pentest framework or your EDR. Obexum sits in a layer underneath all of them. Below is the side-by-side that lets you sanity-check the value before buying.

| | Vuln scanners | Obexum |
|---|---|---|
| Primary mode | CVE matching against installed packages | AD/Linux misconfiguration audit |
| ADCS ESC1-15 coverage | Partial / via plugins | Native, every batch |
| Kerberos abuse paths | Limited | 10 dedicated checks |
| BloodHound ACL primitives | None | 12 dedicated checks |
| FP rate on a clean Server 2022 | Dozens of "informational" | Zero |
| Remediation playbook shipped per finding | Severity + CVE-link only | 55 PowerShell/bash playbooks with rollback |
| Engagement-grade evidence | Summary only | Raw probe output preserved |
| Deployment | SaaS or appliance | 30-MB single binary |

| | Pentest frameworks | Obexum |
|---|---|---|
| What they do | Try to exploit, simulate adversary | Find misconfigs that would let exploitation succeed |
| When to run | Engagement / red-team week | Continuously / scheduled |
| Reproducibility | Variable (LLM-driven) | Bit-exact (deterministic) |
| FP discussion | N/A — success is the goal | Zero FPs is the contract |
| Output | Exploitation findings + intel | Defensible audit + remediation playbooks |
| Audience | Red team / pentesters | Blue team / auditors / MSSPs |

| | EDR | Obexum |
|---|---|---|
| Primary mode | Detect attacks while happening | Find configurations that would let attacks succeed |
| Runtime presence | Continuous agent | None — pull-based, no agent |
| Counters Defender bypass | Detects in flight | Closes the bypass primitive (PRIV-007 AMSI provider, etc.) |
| Audit trail | Real-time alerts | Engagement directory archived per scan |
| Complementary? | Yes, Obexum reduces what your EDR has to detect | — |

Obexum is the inspector that finds the cracks in the wall while there is still time to fix them. Your scanners track CVEs. Your pentesters try to break in. Your EDR watches the perimeter. Obexum makes sure the door is locked before any of them have to do their jobs.