The Linux port of the Sysinternals Sysmon tool.
☆281Feb 25, 2026Updated 3 weeks ago
Alternatives and similar repositories for SysinternalsEBPF
Users that are interested in SysinternalsEBPF are comparing it to the libraries listed below
Sorting:
- Sysmon for Linux☆2,079Mar 5, 2026Updated 2 weeks ago
- The common parts of the Sysinternals Sysmon tool shared between the Windows and Linux versions.☆65Jan 26, 2026Updated last month
- A Linux version of the Procmon Sysinternals tool☆4,641Updated this week
- An open source library for operating the Windows Overlay Filter driver.☆22Jan 16, 2019Updated 7 years ago
- The BTFhub Archive repository provides BTF files for those published kernels that lack native support for embedded BTF, thereby enhancing…☆133Mar 6, 2026Updated 2 weeks ago
- A Linux version of the ProcDump Sysinternals tool☆3,060Nov 11, 2025Updated 4 months ago
- BTFhub, in collaboration with the BTFhub Archive repository, supplies BTF files for all published kernels that lack native support for em…☆470Mar 11, 2026Updated last week
- ☆15Apr 28, 2023Updated 2 years ago
- ebpfkit is a rootkit powered by eBPF☆839Feb 28, 2023Updated 3 years ago
- ebpfpub is a generic function tracing library for Linux that supports tracepoints, kprobes and uprobes.☆119Feb 13, 2026Updated last month
- Configurations for DFIR ORC☆28Mar 28, 2024Updated last year
- ☆24Jan 12, 2026Updated 2 months ago
- Dectect syscall hooking using eBPF☆169Apr 28, 2023Updated 2 years ago
- A repository of sysmon configuration modules☆2,994Aug 21, 2024Updated last year
- iptables-trace is an eBPF enhanced iptables-TRACE alternative iptables TRACE. GPL-3.0 license☆14Feb 3, 2025Updated last year
- Golang Tool to interact with Launchd and other services with XPC☆29May 7, 2020Updated 5 years ago
- Hades is a Host-Based Intrusion Detection System based on eBPF(mainly)☆305Nov 30, 2024Updated last year
- A Powershell script for frequency analysis of separated values data files.☆17Jan 22, 2014Updated 12 years ago
- GoBPFLD is a pure go eBPF loader/userspace library☆20Feb 5, 2022Updated 4 years ago
- ☆16Apr 16, 2017Updated 8 years ago
- eBPF implementation that runs on top of Windows☆3,447Updated this week
- Host Discovery Tool☆10Jan 17, 2022Updated 4 years ago
- A K8s ClusterIP HTTP monitoring library based on eBPF☆19May 23, 2021Updated 4 years ago
- ☆13Apr 30, 2020Updated 5 years ago
- This repository contains a set of rules samples that can be directly used with Trellix Endpoint Security, in the Exploit Prevention polic…☆29Feb 26, 2026Updated 3 weeks ago
- A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.☆1,949Apr 7, 2024Updated last year
- Linux Kernel module for Carbon Black EDR☆12Dec 11, 2020Updated 5 years ago
- Set of scripts to index PCAP files and retrieve packets☆14Sep 10, 2015Updated 10 years ago
- An eBPF kernel Observable Agent To Spy Performance Issue On OS.☆13Oct 31, 2025Updated 4 months ago
- bpflock - eBPF driven security for locking and auditing Linux machines☆151Feb 16, 2022Updated 4 years ago
- Exploring RPC interfaces on Windows☆346Jan 30, 2024Updated 2 years ago
- ☆92Dec 5, 2025Updated 3 months ago
- Indicators of compromise☆17Jan 29, 2026Updated last month
- sopacker是一个用于打包可执行文件和动态库的脚本工程. 生成的新可执行文件可以在大部分Linux上运行. sopacker is a script for packaging an executable file and all its dependent dynam…☆16Nov 14, 2025Updated 4 months ago
- TrustedSec Sysinternals Sysmon Community Guide☆1,383Feb 10, 2026Updated last month
- Elastic Security detection content for Endpoint☆1,384Updated this week
- This project is no longer maintained. There's a successor at https://github.com/zeek/zeek-agent-v2☆124Nov 19, 2020Updated 5 years ago
- ☆78Sep 29, 2025Updated 5 months ago
- Linux Kernel Runtime Integrity with eBPF☆184Nov 23, 2023Updated 2 years ago