Alternatives and similar repositories for ved-ebpf

Users that are interested in ved-ebpf are comparing it to the libraries listed below

• h3xduck / TripleCross

  View on GitHub
  A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.
  ☆1,937Apr 7, 2024Updated last year
• CiscoCXSecurity / unix-audit

  View on GitHub
  Framework for generating audit commands for Unix security audits
  ☆66Aug 1, 2023Updated 2 years ago
• hardenedvault / ved

  View on GitHub
  Vault Exploit Defense
  ☆127Sep 7, 2024Updated last year
• chenyueqi / hotBPF

  View on GitHub
  ☆15Apr 28, 2023Updated 2 years ago
• mrtc0 / bouheki

  View on GitHub
  bouheki is KRSI(eBPF+LSM) based Linux security auditing tool.
  ☆92Sep 21, 2025Updated 4 months ago
• Gui774ume / krie

  View on GitHub
  Linux Kernel Runtime Integrity with eBPF
  ☆184Nov 23, 2023Updated 2 years ago
• pathtofile / bad-bpf

  View on GitHub
  A collection of eBPF programs demonstrating bad behavior, presented at DEF CON 29
  ☆680Jul 7, 2024Updated last year
• riesha / drv-vuln-scanner

  View on GitHub
  Finds imports that could be exploited, still requires manual analysis.
  ☆29Nov 9, 2022Updated 3 years ago
• nikhilh-20 / ELFEN

  View on GitHub
  ELFEN: Automated Linux Malware Analysis Sandbox
  ☆136Aug 20, 2025Updated 5 months ago
• redcanaryco / ebpfmon

  View on GitHub
  ☆91Dec 5, 2025Updated 2 months ago
• Tamirye / Find-SensitiveAzStorageAccounts

  View on GitHub
  A PowerShell script designed to detect misconfigured Azure Storage Accounts that could potentially be exploited for privilege escalation …
  ☆13Apr 25, 2024Updated last year
• Scorpion-Security-Labs / OpenHashAPI

  View on GitHub
  OpenHashAPI provides a secure method of communicating hashes and enables lightweight workflows for security practitioners and enthusiasts…
  ☆13Oct 27, 2024Updated last year
• zimnyaa / beepsyscall

  View on GitHub
  An adaptation of timwhitez's proxycall that uses kernelbase.dll!Beep.
  ☆16Nov 1, 2023Updated 2 years ago
• silascutler / awesome-docker-malware-analysis

  View on GitHub
  Repository of tools and resources for analyzing Docker containers
  ☆72Nov 20, 2023Updated 2 years ago
• xpn / stego-playground

  View on GitHub
  ☆36Oct 26, 2023Updated 2 years ago
• Antonlovesdnb / DockerDetectionNotes

  View on GitHub
  Some of my rough notes for Docker threat detection
  ☆49Aug 26, 2023Updated 2 years ago
• Idov31 / Jormungandr

  View on GitHub
  Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.
  ☆243Sep 26, 2023Updated 2 years ago
• S12cybersecurity / DumpLsass

  View on GitHub
  C++ Code to perform a MiniDump of lsass.exe
  ☆36Aug 2, 2023Updated 2 years ago
• elManto / LLVMPassesForSecurity

  View on GitHub
  Source code of a few LLVM passes that I wrote to learn and that now I am sharing for my LLVM course for security engineering
  ☆28Sep 16, 2022Updated 3 years ago
• krisnova / boopkit

  View on GitHub
  Linux eBPF backdoor over TCP. Spawn reverse shells, RCE, on prior privileged access. Less Honkin, More Tonkin.
  ☆1,659Oct 19, 2023Updated 2 years ago
• YuanchengJiang / recipe-benchmark

  View on GitHub
  Source code of AsiaCCS'22 paper - RecIPE: Revisiting the Evaluation of Memory Error Defenses
  ☆13Sep 19, 2023Updated 2 years ago
• gmh5225 / Driver-SoulExtraction

  View on GitHub
  SoulExtraction is a windows driver library for extracting cert information in windows drivers
  ☆25Feb 12, 2023Updated 3 years ago
• Nadharm / CoVirt

  View on GitHub
  A dynamically loadable virtual-machine based rootkit designed for Linux Kernel v5.13.0 using AMD-V (SVM).
  ☆36Oct 26, 2025Updated 3 months ago
• rhotav / PT_LOAD-Injector

  View on GitHub
  An injector that use PT_LOAD technique
  ☆12Nov 27, 2022Updated 3 years ago
• codewhitesec / daphne

  View on GitHub
  Proof-of-Concept to evade auditd by tampering via ptrace
  ☆18Aug 3, 2023Updated 2 years ago
• elastic / Silhouette

  View on GitHub
  Keep it secret, keep it safe
  ☆80Feb 6, 2025Updated last year
• Gui774ume / ebpfkit

  View on GitHub
  ebpfkit is a rootkit powered by eBPF
  ☆831Feb 28, 2023Updated 2 years ago
• Macmod / malkom

  View on GitHub
  Malkom is an extensible and simple similarity graph generator for malware analysis aimed at helping analysts visualize and cluster sets o…
  ☆17Apr 6, 2023Updated 2 years ago
• rssys / shard

  View on GitHub
  ☆13Oct 17, 2021Updated 4 years ago
• CiscoCXSecurity / udpy_proto_scanner

  View on GitHub
  udpy_proto_scanner is a Python script which discovers UDP services by sending triggers to a list of hosts
  ☆46Aug 1, 2023Updated 2 years ago
• trailofbits / ebpfpub

  View on GitHub
  ebpfpub is a generic function tracing library for Linux that supports tracepoints, kprobes and uprobes.
  ☆119Dec 15, 2025Updated last month
• sliverarmory / hashdump

  View on GitHub
  Dump Windows SAM hashes
  ☆42Aug 9, 2023Updated 2 years ago
• naksyn / ProcessStomping

  View on GitHub
  A variation of ProcessOverwriting to execute shellcode on an executable's section
  ☆148Dec 16, 2023Updated 2 years ago
• sefcom / KHeaps

  View on GitHub
  Playing for {K (H) eaps}: Understanding and Improving Linux Kernel Exploit Reliability
  ☆91May 12, 2022Updated 3 years ago
• TurtleARM / CVE-2023-0179-PoC

  View on GitHub
  ☆215Mar 29, 2024Updated last year
• vu-ls / applywdac

  View on GitHub
  ☆23Mar 4, 2025Updated 11 months ago
• florylsk / SignatureGate

  View on GitHub
  Weaponized HellsGate/SigFlip
  ☆204Jun 7, 2023Updated 2 years ago
• MFMokbel / Crawlector

  View on GitHub
  Crawlector is a threat hunting framework designed for scanning websites for malicious objects.
  ☆124Dec 13, 2025Updated 2 months ago
• iammaguire / Salient-Rootkit

  View on GitHub
  A kernel mode Windows rootkit in development.
  ☆49Dec 31, 2021Updated 4 years ago