ebpfkit-monitor is a tool that detects and protects against eBPF powered rootkits
☆140Feb 28, 2023Updated 3 years ago
Alternatives and similar repositories for ebpfkit-monitor
Users that are interested in ebpfkit-monitor are comparing it to the libraries listed below
Sorting:
- ebpfkit is a rootkit powered by eBPF☆839Feb 28, 2023Updated 3 years ago
- Linux Kernel Runtime Integrity with eBPF☆184Nov 23, 2023Updated 2 years ago
- A collection of eBPF programs demonstrating bad behavior, presented at DEF CON 29☆684Jul 7, 2024Updated last year
- CO-RE code for the Netdata eBPF plugin.☆16Mar 2, 2026Updated 2 weeks ago
- A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.☆1,949Apr 7, 2024Updated last year
- Linux eBPF backdoor over TCP. Spawn reverse shells, RCE, on prior privileged access. Less Honkin, More Tonkin.☆1,665Oct 19, 2023Updated 2 years ago
- CVE-2022-3910☆12Mar 14, 2023Updated 3 years ago
- Collection of Linux eBPF slides/documents.☆982Nov 15, 2023Updated 2 years ago
- vArmor-ebpf is a specialized project dedicated to maintaining the BPF code utilized by vArmor.☆41Jan 26, 2026Updated last month
- A Linux Host-based Intrusion Detection System based on eBPF.☆458Dec 20, 2023Updated 2 years ago
- OPENED Tool to extract specific eBPF functions from large monoliths (tested on Katran, Mizar, Cilium..)☆14Jun 27, 2023Updated 2 years ago
- 利用chrome扩展 dump 浏览器cookie https://saucer-man.com/information_security/787.html☆15Sep 9, 2021Updated 4 years ago
- ☆12Sep 26, 2025Updated 5 months ago
- Detection of rootkit file hiding activities through analysis of shifts in kernel function execution times.☆29Sep 10, 2025Updated 6 months ago
- ☆11Sep 26, 2019Updated 6 years ago
- eBPF Programs☆65Jul 3, 2025Updated 8 months ago
- ☆22Jul 24, 2025Updated 7 months ago
- Container (Docker) escape exploits☆53Dec 15, 2021Updated 4 years ago
- Red Canary's eBPF Sensor☆113Mar 3, 2026Updated 2 weeks ago
- LSM BPF module to block pwnkit (CVE-2021-4034) like exploits☆21Feb 17, 2022Updated 4 years ago
- k0otkit is a universal post-penetration technique which could be used in penetrations against Kubernetes clusters.☆301Aug 30, 2021Updated 4 years ago
- Fork from git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git (unstable and force pushed!)☆22Jun 15, 2023Updated 2 years ago
- ☆20Jun 13, 2022Updated 3 years ago
- Generate eBPF programs and tracing with ChatGPT☆271Mar 7, 2026Updated last week
- Vault Exploit Defense☆127Sep 7, 2024Updated last year
- Linux Runtime Security and Forensics using eBPF☆4,427Updated this week
- CVE-2022-23222: Linux Kernel eBPF Local Privilege Escalation☆579Jun 7, 2022Updated 3 years ago
- This repository is used to analysis the shared resources of different containers☆30Oct 22, 2024Updated last year
- a docker container behavior monitoring tool based on eBPF☆17Jul 22, 2023Updated 2 years ago
- bpflock - eBPF driven security for locking and auditing Linux machines☆151Feb 16, 2022Updated 4 years ago
- Monitor and prevent unexpected behavior of Java programs.☆14Jul 6, 2021Updated 4 years ago
- Hades is a Host-Based Intrusion Detection System based on eBPF(mainly)☆305Nov 30, 2024Updated last year
- A simple example of map_in_map usage in libbpf☆10Mar 18, 2020Updated 6 years ago
- Container Virtual Service☆13Aug 10, 2022Updated 3 years ago
- bouheki is KRSI(eBPF+LSM) based Linux security auditing tool.☆92Sep 21, 2025Updated 5 months ago
- SandFS helper library☆22Jan 25, 2020Updated 6 years ago
- ☆17Aug 25, 2022Updated 3 years ago
- Kubernetes offensive framework built in eBPF☆39Mar 14, 2023Updated 3 years ago
- ☆103Mar 8, 2022Updated 4 years ago