ebpfkit is a rootkit powered by eBPF
☆847 · Feb 28, 2023 · Updated 3 years ago
Alternatives and similar repositories for ebpfkit
Users that are interested in ebpfkit are comparing it to the libraries listed below.
- A collection of eBPF programs demonstrating bad behavior, presented at DEF CON 29 ☆690 · Jul 7, 2024 · Updated last year
- ebpfkit-monitor is a tool that detects and protects against eBPF powered rootkits ☆141 · Feb 28, 2023 · Updated 3 years ago
- A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities. ☆1,962 · Apr 7, 2024 · Updated 2 years ago
- Linux eBPF backdoor over TCP. Spawn reverse shells, RCE, on prior privileged access. Less Honkin, More Tonkin. ☆1,670 · Oct 19, 2023 · Updated 2 years ago
- A Linux Host-based Intrusion Detection System based on eBPF. ☆456 · Dec 20, 2023 · Updated 2 years ago
- Linux Kernel Runtime Integrity with eBPF ☆186 · Nov 23, 2023 · Updated 2 years ago
- Elkeid is an open source solution that can meet the security requirements of various workloads such as hosts, containers and K8s, and ser… ☆2,644 · May 11, 2026 · Updated last month
- Hades is a Host-Based Intrusion Detection System based on eBPF (mainly) ☆304 · May 24, 2026 · Updated 3 weeks ago
- Collection of Linux eBPF slides/documents. ☆979 · Nov 15, 2023 · Updated 2 years ago
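- A PoC for Linux to get around agents that log commands being executed, without root privilege. Obfuscates the executed program name and arguments with low privileges on Linux, evading command logs based on execve system call monitoring ☆244 · May 8, 2019 · Updated 7 years ago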
- CVE-2022-23222: Linux Kernel eBPF Local Privilege Escalation ☆575 · Jun 7, 2022 · Updated 4 years ago
- LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64) ☆2,366 · Apr 27, 2026 · Updated last month
- awesome-linux-rootkits ☆2,069 · Feb 15, 2026 · Updated 4 months ago
- Linux EDR written in Golang and based on eBPF. ☆248 · May 24, 2022 · Updated 4 years ago
- ☆27 · Nov 24, 2021 · Updated 4 years ago
- A golang ebpf library based on cilium/ebpf and datadog/ebpf. ☆351 · May 18, 2025 · Updated last year
- Scaffolding for BPF application development with libbpf and BPF CO-RE ☆1,494 · May 31, 2026 · Updated 2 weeks ago
- ☆83 · Jan 23, 2022 · Updated 4 years ago
- Practice Go programming and implement CobaltStrike's Beacon in Go ☆1,269 · Oct 2, 2020 · Updated 5 years ago
- ebpf WebShell/kernel trojan, a new kind of kernel trojan/WebShell technique ☆353 · Jan 8, 2024 · Updated 2 years ago
- Credentials Dumper for Linux using eBPF ☆1,157 · Sep 9, 2024 · Updated last year
- bpflock - eBPF driven security for locking and auditing Linux machines ☆154 · Feb 16, 2022 · Updated 4 years ago
- Automated upstream mirror for libbpf stand-alone build. ☆2,709 · Jun 5, 2026 · Updated last week
- Linux Kernel Hacking ☆763 · Apr 10, 2024 · Updated 2 years ago
- 📦 Make security testing of K8s, Docker, and Containerd easier. ☆4,676 · May 1, 2026 · Updated last month
- Self‑healing Gossip Mesh C2 with Assisted Peer Discovery, Modular Post‑Exploitation, and OPSEC‑Focused Transport ☆1,707 · Jun 3, 2026 · Updated last week
- Converts PE into a shellcode ☆2,775 · Aug 30, 2025 · Updated 9 months ago
- SigFlip is a tool for patching authenticode signed PE files (exe, dll, sys ..etc) without invalidating or breaking the existing signature… ☆1,283 · Aug 27, 2023 · Updated 2 years ago
- ETrace is a syscall tracing utility powered by eBPF ☆27 · Feb 26, 2023 · Updated 3 years ago
- Adversary Emulation Framework ☆11,362 · Jun 3, 2026 · Updated last week
- k0otkit is a universal post-penetration technique which could be used in penetrations against Kubernetes clusters. ☆301 · Aug 30, 2021 · Updated 4 years ago
- Red-Team LKM ☆645 · May 31, 2026 · Updated 2 weeks ago
- Detects the vast majority of so-called AV-evading in-memory trojans ☆732 · Sep 15, 2022 · Updated 3 years ago
- /root/.ssh/authorized_keys evil file watchdog with ebpf tracepoint hook. ☆352 · Feb 5, 2023 · Updated 3 years ago
- A curated list of awesome projects related to eBPF. ☆5,088 · Jun 2, 2026 · Updated last week
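- Malicious code evasion source code http://payloads.online ☆757 · Mar 7, 2022 · Updated 4 years ago
- WebSocket in-memory trojan/Webshell, a new kind of in-memory trojan/WebShell technique ☆1,493 · Apr 10, 2023 · Updated 3 years ago
- [WIP] A collection of what I have shared in the past on K8s, containers, and virtualization 🧐 ☆3,161 · Nov 6, 2025 · Updated 7 months ago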
- Exploit tool implemented using ebpf. ☆213 · Jun 1, 2026 · Updated 2 weeks ago