Switch RedEdr to source-built EXE

CHANGELOG.md

@@ -93,6 +93,7 @@ All notable changes to this project will be documented in this file.
 - Hollows-Hunter refreshed to 0.4.1.2 (commit `e271f7e`, 2026-04-18)
 - Moneta refreshed (commit `5b65395`, 2024-03-16)
 - Hunt-Sleeping-Beacons refreshed (commit `84dd3a9`, 2026-01-25)
+- RedEdr switched from upstream release binary (0.9, 5.6 MB) to source-built EXE-only (`3bd6b97`, 2026-05-03, 640 KB) — Driver / DLL / PplService projects skipped (`/t:RedEdr`); LitterBox's RedEdr usage is ETW-only so the bundled components weren't needed
 - YARA rules restructured under `Scanners/Yara/rules/` into `elastic-yara/` and `YARAForge/` subdirs; orchestrator `LitterBox.yar` regenerated to match the new layout
 - Elastic YARA rules synced to upstream `d131ea8` (2026-04-30, 686 rules — 684 upstream + Morpes/Torii retained locally after Elastic rotated them out)
 - YARA-Forge bumped to 0.9.1 (release `20260503`, 2026-05-03) — separate `YARAForge_Extended.yar` pack alongside the Elastic rules

README.md

@@ -77,7 +77,7 @@ Bundled binaries under `Scanners/`. Versions and last-update dates tracked here
 | [Moneta](https://github.com/forrest-orr/moneta) | `5b65395` | 2024-03-16 | forrest-orr/moneta |
 | [Patriot](https://github.com/joe-desimone/patriot) | — | 2024-12-29 | joe-desimone/patriot |
 | [Hunt-Sleeping-Beacons](https://github.com/thefLink/Hunt-Sleeping-Beacons) | `84dd3a9` | 2026-01-25 | thefLink/Hunt-Sleeping-Beacons |
-| [RedEdr](https://github.com/dobin/RedEdr) | 0.9 (release) | 2026-04-12 | dobin/RedEdr |
+| [RedEdr](https://github.com/dobin/RedEdr) | `3bd6b97` (EXE-only build) | 2026-05-03 | dobin/RedEdr |
 | [YARA](https://github.com/VirusTotal/yara/releases) (engine `yara64.exe`) | — | 2024-12-29 | VirusTotal/yara |
 | Elastic YARA rules (`Scanners/Yara/rules/elastic-yara/`) | `d131ea8` | 2026-04-30 | elastic/protections-artifacts |
 | YARA-Forge Extended (`Scanners/Yara/rules/YARAForge/`) | 0.9.1 (release `20260503`) | 2026-05-03 | YARAHQ/yara-forge |