landhb / DrawBridge
Layer 4 Single Packet Authentication Linux kernel module utilizing Netfilter hooks and kernel supported Berkeley Packet Filters (BPF)
☆113Updated last year
Alternatives and similar repositories for DrawBridge:
Users that are interested in DrawBridge are comparing it to the libraries listed below
- Whitelisting LD_PRELOAD libraries using LD_AUDIT☆62Updated 3 years ago
- ebpfkit-monitor is a tool that detects and protects against eBPF powered rootkits☆126Updated 2 years ago
- eBPF - extended Berkeley Packet Filter tooling☆123Updated 2 years ago
- Rootkit Detector for UNIX☆61Updated last year
- LKRG bypass methods☆71Updated 5 years ago
- A keystroke / terminal logger for Linux.☆216Updated 8 months ago
- ICMP and DNS tunneling via IPv4 and IPv6☆202Updated last year
- Kernel-Mode Rootkit Hunter☆366Updated 3 years ago
- ELF anti-forensics exec, for injecting full dynamic executables into process image (With thread injection)☆131Updated 7 years ago
- Linux 4.9 Loadable Kernel Module to hide processes from system utilities☆67Updated 6 years ago
- Example program using eBPF to log data being based in using shell pipes☆41Updated 4 years ago
- crypted admin shell: SSH-like strong crypto remote admin shell for Linux, BSD, Android, Solaris and OSX☆194Updated 6 months ago
- monitor and protect SSH sessions with eBPF☆66Updated 3 years ago
- This is a kernel module invoked reverse shell proof of concept.☆72Updated 5 years ago
- Linux v4.x.x Rootkit☆89Updated 8 months ago
- disable LD_PRELOAD on linux☆21Updated 8 years ago
- a friendly wrapper around ptrace☆132Updated 3 years ago
- Fully functional but simplified Linux Kernel Module (LKM) Rootkit for educational purposes☆60Updated 5 years ago
- Utility to execute ELF binary directly from stdin pipe.☆64Updated 2 years ago
- ☆92Updated 7 years ago
- Hide processes as a normal user in Linux.☆255Updated 8 months ago
- E2E encryption for multi-hop tty sessions or portshells + TCP/UDP port forward☆120Updated 4 months ago
- Vault Exploit Defense☆124Updated 6 months ago
- ELF Shared library injector using DT_NEEDED precedence infection. Acts as a permanent LD_PRELOAD☆110Updated 4 years ago
- A tool like /bin/ps but uses /proc/kcore for walking the tasklist; this finds hidden processes☆58Updated 10 years ago
- Tool to examine the behaviour of setuid binaries under constrained limits.☆62Updated 3 years ago
- ☆86Updated 8 months ago
- Zombie Ant Farm: Primitives and Offensive Tooling for Linux EDR evasion.☆225Updated 5 years ago
- egrets monitors egress☆45Updated 4 years ago
- An eBPF detection program for CVE-2022-0847☆28Updated 2 years ago