Alternatives and similar repositories for execmon:

Users that are interested in execmon are comparing it to the libraries listed below

• cormander / tpe-lkm
  Trusted Path Execution (TPE) Linux Kernel Module
  ☆158Updated 5 years ago
• cppcoffee / inl_hook
  a linux kernel function inline hooking library
  ☆30Updated 7 years ago
• ilammy / ftrace-hook
  Using ftrace for function hooking in Linux kernel
  ☆265Updated 3 years ago
• elfmaster / libelfmaster_examples
  Simple ELF tools written to demonstrate libelfmaster capabilities.
  ☆39Updated 6 years ago
• kkamagui / shadow-box-for-x86
  Shadow-Box: Lightweight and Practical Kernel Protector for x86 (Presented at BlackHat Asia 2017/2018, beVX 2018 and HITBSecConf 2017)
  ☆185Updated 5 years ago
• elfmaster / saruman
  ELF anti-forensics exec, for injecting full dynamic executables into process image (With thread injection)
  ☆129Updated 6 years ago
• nccgroup / libptmalloc
  Heap analysis tooling for ptmalloc
  ☆44Updated 2 years ago
• jha / linux-kernel-hook
  A small kernel module that can hook arbitrary syscalls on x86_64
  ☆49Updated 5 years ago
• KVM-VMI / nitro
  ☆46Updated 6 years ago
• milabs / khook
  Linux Kernel hooking engine (x86)
  ☆339Updated 2 months ago
• En14c / PIvirus
  sample linux x86_64 ELF virus
  ☆53Updated 6 years ago
• honeynet / sebek
  ☆25Updated 11 years ago
• elfmaster / binflow
  This is the new ftrace (https://github.com/elfmaster/ftrace) - Much faster, better resolution but not complete yet! :)
  ☆107Updated 6 years ago
• tianweiz07 / Cloud_Integrity
  Using LibVMI to detect malware
  ☆31Updated 2 years ago
• slavaim / redirfs
  A Linux file system filter based on redirfs
  ☆33Updated 5 years ago
• bitdefender / libbdvmi
  ☆62Updated last year
• elfmaster / kdress
  Transform vmlinuz into a fully debuggable vmlinux that can be used with /proc/kcore
  ☆127Updated 4 months ago
• ixty / mandibule
  linux elf injector for x86 x86_64 arm arm64
  ☆330Updated 6 years ago
• ebradbury / linux-syscall-hooker
  A Linux kernel module that locates the system call table in memory and hooks uname. Contributions welcome!
  ☆59Updated 11 years ago
• sduverger / ld-shatner
  ld-linux code injector
  ☆49Updated 13 years ago
• sebastiencs / Packer_ELF
  ELF packer - x86_64
  ☆71Updated 9 years ago
• eyalz800 / zpp_hypervisor
  A very simple hypervisor for learning experience.
  ☆135Updated 3 years ago
• dgoulet / kjackal
  Linux Rootkit Scanner
  ☆87Updated 3 years ago
• elfmaster / ecfs
  extended core file snapshot format
  ☆222Updated 6 years ago
• emptymonkey / ptrace_do
  A ptrace library for easy syscall injection in Linux.
  ☆175Updated 7 months ago
• UNCSecLab / VMXXNR
  Implementation of a thin hypervisor
  ☆42Updated 8 years ago
• jiazhang0 / SELoader
  Secure EFI Loader designed to authenticate the non-PE files
  ☆48Updated 2 years ago
• therealdreg / lsrootkit
  Rootkit Detector for UNIX
  ☆62Updated last year
• node3 / Linux-Security-Module
  Kernel programming: This is a simple kernel module implementation for enforcing access control policies using Linux Security Module frame…
  ☆29Updated 6 years ago
• smcdef / kprobe-template
  kprobes template
  ☆56Updated 4 years ago