Acceis / eBPF-hide-PID
This tool have the power to hide any PID/directory in the Linux kernel
☆23Updated 6 months ago
Alternatives and similar repositories for eBPF-hide-PID:
Users that are interested in eBPF-hide-PID are comparing it to the libraries listed below
- kubernetes rootkit☆31Updated last year
- An eBPF detection program for CVE-2022-0847☆28Updated 2 years ago
- ☆47Updated 4 months ago
- Open Source eBPF Malware Analysis Framework☆47Updated 5 months ago
- A simple Meterpreter stager written in Rust.☆35Updated 6 months ago
- A collection of projects demonstrating various commandline cloaking techniques on Linux☆57Updated 2 years ago
- ☆15Updated 6 months ago
- Exploit for CVE-2021-25741 vulnerability☆28Updated 3 years ago
- ☆86Updated 8 months ago
- Dectect syscall hooking using eBPF☆149Updated last year
- Kubernetes offensive framework built in eBPF☆37Updated 2 years ago
- Container Excape PoC for CVE-2022-0847 "DirtyPipe"☆78Updated 2 years ago
- ☆31Updated 2 years ago
- Circumventing "noexec" mount flag to execute arbitrary linux binaries by ptrace-less process injection☆89Updated last month
- BPFDoor Source Code. Originally found from Chinese Threat Actor Red Menshen☆43Updated 2 years ago
- Command line interface for (running) BOFs☆42Updated 2 months ago
- ☆63Updated last year
- Dll hijack -- just one macro☆11Updated last year
- Disable SSL certificate verification for all binaries that use libssl☆49Updated 2 years ago
- VED-eBPF: Kernel Exploit and Rootkit Detection using eBPF☆155Updated 6 months ago
- ebpfkit-monitor is a tool that detects and protects against eBPF powered rootkits☆127Updated 2 years ago
- NASM Linux x86_64 pure (no deps) shared library (.so), POC for Reflective ELF SO injection☆29Updated last year
- Mara is a userland pty/tty sniffer☆53Updated last year
- Linux rust keylogger☆15Updated last year
- PoC and Detection for CVE-2024-21626☆75Updated last year
- eBPF-based EDR for Linux☆17Updated 6 months ago
- Post-exploit a compromised etcd, gain persistence and remote shell to nodes.☆74Updated 10 months ago
- Paracosme is a zero-click remote memory corruption exploit that compromises ICONICS Genesis64 which was demonstrated successfully on stag…☆87Updated last year
- CO-RE code for the Netdata eBPF plugin.☆13Updated 4 months ago