evilsocket/ebpf-process-anomaly-detection external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

evilsocket/ebpf-process-anomaly-detection

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/evilsocket/ebpf-process-anomaly-detection)

Close

evilsocket / ebpf-process-anomaly-detectionView on GitHubMore

• External links
• Readme badge

Process behaviour anomaly detection using eBPF and unsupervised-learning Autoencoders

☆139Aug 15, 2022Updated 3 years ago

Alternatives and similar repositories for ebpf-process-anomaly-detection

Users that are interested in ebpf-process-anomaly-detection are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• evilsocket / sauron

  View on GitHub
  A minimalistic cross-platform malware scanner with non-blocking realtime filesystem monitoring using YARA rules.
  ☆229Aug 19, 2022Updated 3 years ago
• cilium / little-vm-helper-images

  View on GitHub
  ☆22May 13, 2026Updated last week
• BishopFox / burpcage

  View on GitHub
  ☆10May 25, 2023Updated 2 years ago
• congwang / ebpf-2-phase-signing

  View on GitHub
  ☆15Jan 30, 2025Updated last year
• metan-ucw / runltp-ng

  View on GitHub
  Minimalistic LTP testrunner
  ☆11Jul 28, 2022Updated 3 years ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
• evilsocket / kitsune

  View on GitHub
  🧠 🔎 🤖 Kitsune is an artificial neural network designed to detect and correlate Twitter profiles with similar behaviours.
  ☆245Jun 6, 2022Updated 3 years ago
• dmcgowan / lcontainerd

  View on GitHub
  Lightweight local libraries for containerd
  ☆12Mar 19, 2026Updated 2 months ago
• kubescape / node-agent

  View on GitHub
  Kubescape eBPF agent 🥷🏻
  ☆33May 12, 2026Updated last week
• dfrojas / bpfluga

  View on GitHub
  a CLI tool for generating logs and metrics from eBPF telemetry, producing flamegraphs and actionable observability outputs
  ☆16Mar 28, 2025Updated last year
• Matrix86 / driplane

  View on GitHub
  Event-driven automation pipelines — monitor anything, react to everything.
  ☆89Apr 29, 2026Updated 3 weeks ago
• Acceis / eBPF-hide-PID

  View on GitHub
  This tool have the power to hide any PID/directory in the Linux kernel
  ☆31Sep 13, 2024Updated last year
• alegrey91 / gypsylist

  View on GitHub
  A web scraper for nomadlist.com, made to avoid website restrictions.
  ☆11Dec 9, 2021Updated 4 years ago
• evilsocket / medusa

  View on GitHub
  A fast and secure multi protocol honeypot.
  ☆330Sep 9, 2022Updated 3 years ago
• maurapintor / unica_mlsec_labs

  View on GitHub
  ☆11Dec 17, 2024Updated last year
• Managed Kubernetes at scale on DigitalOcean • Ad
  DigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
• ait-aecid / rootkit-detection-ebpf-time-trace

  View on GitHub
  Detection of rootkit file hiding activities through analysis of shifts in kernel function execution times.
  ☆29Sep 10, 2025Updated 8 months ago
• willfindlay / bpfcontain-rs

  View on GitHub
  BPFContain is a container security daemon for GNU/Linux leveraging the power and safety of eBPF and Rust.
  ☆59Jun 30, 2022Updated 3 years ago
• dylandreimerink / mimic

  View on GitHub
  Mimic is a eBPF virtual machine and emulator which runs in userspace
  ☆29May 28, 2022Updated 3 years ago
• krisnova / double-slit-experiment

  View on GitHub
  Identify containers at runtime and observe them. No container runtime required. Read only access to the kernel.
  ☆16Jul 24, 2021Updated 4 years ago
• akiraaisha / Privilege-Escalation

  View on GitHub
  This contains common OSCP local exploits and enumeration scripts
  ☆12Sep 18, 2015Updated 10 years ago
• ict / creddump7

  View on GitHub
  ☆14Apr 29, 2019Updated 7 years ago
• containerscrew / rootisnaked

  View on GitHub
  Simple root privilege escalation detection using eBPF 🐝
  ☆35Feb 10, 2026Updated 3 months ago
• hardenedvault / ved-ebpf

  View on GitHub
  VED-eBPF: Kernel Exploit and Rootkit Detection using eBPF
  ☆171Sep 7, 2024Updated last year
• airbus-cert / dirtypipe-ebpf_detection

  View on GitHub
  An eBPF detection program for CVE-2022-0847
  ☆29Jul 5, 2022Updated 3 years ago
• Deploy on Railway without the complexity - Free Credits Offer • Ad
  Connect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
• iogbole / ebpf-network-viz

  View on GitHub
  Getting Started with eBPF
  ☆27Nov 4, 2023Updated 2 years ago
• solo-io / bumblebee

  View on GitHub
  Get eBPF programs running from the cloud to the kernel in 1 line of bash
  ☆1,301Apr 17, 2025Updated last year
• eeriedusk / knockles

  View on GitHub
  eBPF Port Knocking Tool
  ☆238Aug 23, 2023Updated 2 years ago
• dnfield / dart_calendar

  View on GitHub
  ☆16Jun 20, 2021Updated 4 years ago
• metal-stack / go-hal

  View on GitHub
  server hardware abstraction, tries to lower the burden of supporting different server vendors
  ☆15Apr 21, 2026Updated 3 weeks ago
• nickalie / go-binwrapper

  View on GitHub
  Binary wrapper that makes command line tools seamlessly available as local golang dependencies
  ☆22Feb 17, 2026Updated 3 months ago
• googleinterns / hawk

  View on GitHub
  ☆18Nov 17, 2020Updated 5 years ago
• alegrey91 / harpoon

  View on GitHub
  🔍 Function-level tracing tool for Seccomp profiling, with eBPF
  ☆176Feb 23, 2026Updated 2 months ago
• Fare9 / KUNAI-static-analyzer

  View on GitHub
  Tool aimed to provide a binary analysis of different file formats through the use of an Intermmediate Representation.
  ☆145Mar 31, 2024Updated 2 years ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
• dreadnode / research

  View on GitHub
  General research for Dreadnode
  ☆27Jun 17, 2024Updated last year
• zirvaorg / ratelimit

  View on GitHub
  a basic net/http rate limiter middleware
  ☆13Sep 24, 2024Updated last year
• mostynb / zstdpool-syncpool

  View on GitHub
  go sync.Pool wrapper for github.com/klauspost/compress/zstd which doesn't leak memory and goroutines.
  ☆12May 7, 2023Updated 3 years ago
• dylandreimerink / edb

  View on GitHub
  An eBPF program debugger
  ☆215May 28, 2022Updated 3 years ago
• CN-TU / machine-learning-in-ebpf

  View on GitHub
  This repository contains the code for the paper "A flow-based IDS using Machine Learning in eBPF", Contact: Maximilian Bachl
  ☆112Aug 11, 2025Updated 9 months ago
• bpfman / bpfman-operator

  View on GitHub
  Kubernetes operator for bpfman
  ☆37May 13, 2026Updated last week
• evdenis / lsm_bpf_check_argc0

  View on GitHub
  LSM BPF module to block pwnkit (CVE-2021-4034) like exploits
  ☆21Feb 17, 2022Updated 4 years ago