evilsocket/ebpf-process-anomaly-detection external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

evilsocket/ebpf-process-anomaly-detection

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/evilsocket/ebpf-process-anomaly-detection)

Close

evilsocket / ebpf-process-anomaly-detectionView on GitHubMore

• External links
• Readme badge

Process behaviour anomaly detection using eBPF and unsupervised-learning Autoencoders

☆140Aug 15, 2022Updated 3 years ago

Alternatives and similar repositories for ebpf-process-anomaly-detection

Users that are interested in ebpf-process-anomaly-detection are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• evilsocket / sauron

  View on GitHub
  A minimalistic cross-platform malware scanner with non-blocking realtime filesystem monitoring using YARA rules.
  ☆226Aug 19, 2022Updated 3 years ago
• cilium / little-vm-helper-images

  View on GitHub
  ☆23Updated this week
• BishopFox / burpcage

  View on GitHub
  ☆10May 25, 2023Updated 3 years ago
• congwang / ebpf-2-phase-signing

  View on GitHub
  ☆15Jan 30, 2025Updated last year
• metan-ucw / runltp-ng

  View on GitHub
  Minimalistic LTP testrunner
  ☆11Jul 28, 2022Updated 3 years ago
• Managed Database hosting by DigitalOcean • Ad
  PostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
• dmcgowan / lcontainerd

  View on GitHub
  Lightweight local libraries for containerd
  ☆12Mar 19, 2026Updated 2 months ago
• kubescape / node-agent

  View on GitHub
  Kubescape eBPF agent 🥷🏻
  ☆34Updated this week
• dfrojas / bpfluga

  View on GitHub
  a CLI tool for generating logs and metrics from eBPF telemetry, producing flamegraphs and actionable observability outputs
  ☆16Mar 28, 2025Updated last year
• Acceis / eBPF-hide-PID

  View on GitHub
  This tool have the power to hide any PID/directory in the Linux kernel
  ☆31Sep 13, 2024Updated last year
• alegrey91 / gypsylist

  View on GitHub
  A web scraper for nomadlist.com, made to avoid website restrictions.
  ☆11Dec 9, 2021Updated 4 years ago
• evilsocket / unisbom

  View on GitHub
  UniSBOM is a tool to build a software bill of materials on any platform with a unified data format.
  ☆36Sep 4, 2022Updated 3 years ago
• seclab-stonybrook / eaudit

  View on GitHub
  eAudit suite for recording provenance-related system calls on Linux
  ☆20May 20, 2026Updated 2 weeks ago
• JosephTLucas / wasm-plotly

  View on GitHub
  Demo of using WASM to sandbox Plotly execution
  ☆21Mar 30, 2025Updated last year
• evilsocket / jscythe

  View on GitHub
  Abuse the node.js inspector mechanism in order to force any node.js/electron/v8 based process to execute arbitrary javascript code.
  ☆333Sep 9, 2024Updated last year
• Open source password manager - Proton Pass • Ad
  Securely store, share, and autofill your credentials with Proton Pass, the end-to-end encrypted password manager trusted by millions.
• ait-aecid / rootkit-detection-ebpf-time-trace

  View on GitHub
  Detection of rootkit file hiding activities through analysis of shifts in kernel function execution times.
  ☆29Sep 10, 2025Updated 8 months ago
• willfindlay / bpfcontain-rs

  View on GitHub
  BPFContain is a container security daemon for GNU/Linux leveraging the power and safety of eBPF and Rust.
  ☆59Jun 30, 2022Updated 3 years ago
• dylandreimerink / mimic

  View on GitHub
  Mimic is a eBPF virtual machine and emulator which runs in userspace
  ☆30May 28, 2022Updated 4 years ago
• ShiftLeftSecurity / traceleft

  View on GitHub
  eBPF based syscalls, files and network events tracing framework
  ☆93Jul 24, 2020Updated 5 years ago
• akiraaisha / Privilege-Escalation

  View on GitHub
  This contains common OSCP local exploits and enumeration scripts
  ☆12Sep 18, 2015Updated 10 years ago
• containerscrew / rootisnaked

  View on GitHub
  Simple root privilege escalation detection using eBPF 🐝
  ☆35Feb 10, 2026Updated 3 months ago
• cisco-open / camblet-driver

  View on GitHub
  Linux Kernel module providing TLS, identity and running WASM
  ☆82Aug 12, 2024Updated last year
• hardenedvault / ved-ebpf

  View on GitHub
  VED-eBPF: Kernel Exploit and Rootkit Detection using eBPF
  ☆171Sep 7, 2024Updated last year
• Magier / Ran

  View on GitHub
  Ran is an experimental offensive tool for Kubernetes clusters with the goal to enable quick emulation of adversary techniques and a colle…
  ☆35May 30, 2026Updated last week
• GPU virtual machines on DigitalOcean Gradient AI • Ad
  Get to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
• pouriyajamshidi / flat

  View on GitHub
  Measure UDP and TCP connection latency for IPv4 and IPv6 using eBPF and Go
  ☆76Jun 2, 2026Updated last week
• airbus-cert / dirtypipe-ebpf_detection

  View on GitHub
  An eBPF detection program for CVE-2022-0847
  ☆29Jul 5, 2022Updated 3 years ago
• iogbole / ebpf-network-viz

  View on GitHub
  Getting Started with eBPF
  ☆26Nov 4, 2023Updated 2 years ago
• eeriedusk / knockles

  View on GitHub
  eBPF Port Knocking Tool
  ☆238Aug 23, 2023Updated 2 years ago
• metal-stack / go-hal

  View on GitHub
  server hardware abstraction, tries to lower the burden of supporting different server vendors
  ☆15May 29, 2026Updated last week
• zimage / eBPF-drop-rfc-3514

  View on GitHub
  This eBPF module will drop any IPv4 packets that have the RFC 3514 "evil bit" set.
  ☆18Jun 16, 2025Updated 11 months ago
• spiderpig1297 / kunkillable

  View on GitHub
  kunkillable is an LKM that makes userland processes unkillable.
  ☆17Sep 26, 2020Updated 5 years ago
• nickalie / go-binwrapper

  View on GitHub
  Binary wrapper that makes command line tools seamlessly available as local golang dependencies
  ☆22Feb 17, 2026Updated 3 months ago
• akiraaisha / PNG-IDAT-chunks

  View on GitHub
  PNG IDAT chunks ~ payload generator
  ☆15Jun 14, 2016Updated 9 years ago
• GPU virtual machines on DigitalOcean Gradient AI • Ad
  Get to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
• googleinterns / hawk

  View on GitHub
  ☆18Nov 17, 2020Updated 5 years ago
• alegrey91 / harpoon

  View on GitHub
  🔍 Function-level tracing tool for Seccomp profiling, with eBPF
  ☆176Feb 23, 2026Updated 3 months ago
• Fare9 / KUNAI-static-analyzer

  View on GitHub
  Tool aimed to provide a binary analysis of different file formats through the use of an Intermmediate Representation.
  ☆146Mar 31, 2024Updated 2 years ago
• zirvaorg / ratelimit

  View on GitHub
  a basic net/http rate limiter middleware
  ☆13Sep 24, 2024Updated last year
• evilsocket / spycast

  View on GitHub
  A crossplatform mDNS enumeration tool.
  ☆364Sep 25, 2022Updated 3 years ago
• Gui774ume / krie

  View on GitHub
  Linux Kernel Runtime Integrity with eBPF
  ☆186Nov 23, 2023Updated 2 years ago
• dylandreimerink / edb

  View on GitHub
  An eBPF program debugger
  ☆216May 28, 2022Updated 4 years ago