ebpfkit is a rootkit powered by eBPF
☆838 Feb 28, 2023 Updated 3 years ago
Alternatives and similar repositories for ebpfkit
Users that are interested in ebpfkit are comparing it to the libraries listed below
- A collection of eBPF programs demonstrating bad behavior, presented at DEF CON 29 ☆684 Jul 7, 2024 Updated last year
- ebpfkit-monitor is a tool that detects and protects against eBPF powered rootkits ☆140 Feb 28, 2023 Updated 3 years ago
- A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities. ☆1,945 Apr 7, 2024 Updated last year
- Linux eBPF backdoor over TCP. Spawn reverse shells, RCE, on prior privileged access. Less Honkin, More Tonkin. ☆1,664 Oct 19, 2023 Updated 2 years ago
- A Linux Host-based Intrusion Detection System based on eBPF. ☆457 Dec 20, 2023 Updated 2 years ago
- Linux Kernel Runtime Integrity with eBPF ☆184 Nov 23, 2023 Updated 2 years ago
- Elkeid is an open source solution that can meet the security requirements of various workloads such as hosts, containers and K8s, and ser… ☆2,578 Updated this week
- Hades is a Host-Based Intrusion Detection System based on eBPF(mainly) ☆305 Nov 30, 2024 Updated last year
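- a PoC for Linux to get around agents that log commands being executed, without root privilege. Obfuscates the executed program name and arguments on Linux with low privileges, evading command logs based on execve system call monitoring ☆245 May 8, 2019 Updated 6 years ago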
- Linux EDR written in Golang and based on eBPF. ☆243 May 24, 2022 Updated 3 years ago
- Linux Runtime Security and Forensics using eBPF ☆4,406 Updated this week
- CVE-2022-23222: Linux Kernel eBPF Local Privilege Escalation ☆579 Jun 7, 2022 Updated 3 years ago
- Collection of Linux eBPF slides/documents. ☆982 Nov 15, 2023 Updated 2 years ago
- awesome-linux-rootkits ☆2,032 Feb 15, 2026 Updated 2 weeks ago
- LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64) ☆2,264 Jan 24, 2026 Updated last month
- Practice Go programming and implement CobaltStrike's Beacon in Go ☆1,262 Oct 2, 2020 Updated 5 years ago
- Converts PE into a shellcode ☆2,747 Aug 30, 2025 Updated 6 months ago
- Malicious code evasion source code http://payloads.online ☆758 Mar 7, 2022 Updated 4 years ago
- Self‑healing Gossip Mesh C2 with Assisted Peer Discovery, Modular Post‑Exploitation, and OPSEC‑Focused Transport ☆1,691 Feb 25, 2026 Updated last week
- Credentials Dumper for Linux using eBPF ☆1,158 Sep 9, 2024 Updated last year
- SigFlip is a tool for patching authenticode signed PE files (exe, dll, sys ..etc) without invalidating or breaking the existing signature… ☆1,254 Aug 27, 2023 Updated 2 years ago
- Scaffolding for BPF application development with libbpf and BPF CO-RE ☆1,442 Feb 27, 2026 Updated last week
- 📦 Make security testing of K8s, Docker, and Containerd easier. ☆4,568 Feb 23, 2026 Updated last week
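- CobaltStrike Beacon written in .Net 4. The stager and Beacon are rewritten in .NET, including a range of functions such as normal check-in, file management, process management, token management, injection combined with SysCall, native port forwarding, and disabling ETW ☆731 Sep 1, 2021 Updated 4 years ago
- Adversary Emulation Framework ☆10,759 Updated this week
- Detects the vast majority of so-called in-memory AV-evasion trojans ☆735 Sep 15, 2022 Updated 3 years ago
- A shellcode AV-evasion framework that bypasses ring 3 ☆574 Mar 19, 2021 Updated 4 years ago
- A golang ebpf library based on cilium/ebpf and datadog/ebpf. ☆348 May 18, 2025 Updated 9 months ago
- ebpf WebShell/kernel trojan, a new kind of kernel trojan/WebShell technique ☆352 Jan 8, 2024 Updated 2 years ago
- ☆2,168 Feb 21, 2023 Updated 3 years ago
- [WIP] A collection of my past talks related to K8s, containers, and virtualization 🧐 ☆3,147 Nov 6, 2025 Updated 4 months ago
- OrcaC2 is a multifunctional C&C framework based on WebSocket encrypted communication, implemented in Golang. ☆676 Dec 30, 2022 Updated 3 years ago
- Cooolis-ms is a code execution tool that includes Metasploit Payload Loader, Cobalt Strike External C2 Loader, and Reflective DLL injection; it is positioned to evade, under static detection, some of the signature-bearing… ☆929 Jan 7, 2026 Updated last month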
- a webshell resides in the memory of java web server ☆699 Jun 26, 2018 Updated 7 years ago
- Linux Kernel Hacking ☆750 Apr 10, 2024 Updated last year
- WebSocket in-memory trojan/Webshell, a new kind of in-memory trojan/WebShell technique ☆1,488 Apr 10, 2023 Updated 2 years ago
- Redress - A tool for analyzing stripped Go binaries ☆1,151 Feb 23, 2026 Updated last week
- Removes the information embedded by the Go compiler at build time ☆855 Jul 20, 2022 Updated 3 years ago
- ☆85 Jan 23, 2022 Updated 4 years ago