microsoft / SysinternalsEBPFLinks
The Linux port of the Sysinternals Sysmon tool.
☆275Updated last month
Alternatives and similar repositories for SysinternalsEBPF
Users that are interested in SysinternalsEBPF are comparing it to the libraries listed below
Sorting:
- Red Canary's eBPF Sensor☆109Updated 2 months ago
- convert ELF/DWARF symbol and type information into vol3's intermediate JSON☆130Updated 10 months ago
- This repository contains the demo material built on top of ebpf-for-windows platform.☆45Updated 11 months ago
- Windows Registry Knowledge Base☆180Updated 10 months ago
- A wireshark plugin to instrument ETW☆565Updated 3 years ago
- ☆89Updated last year
- VED-eBPF: Kernel Exploit and Rootkit Detection using eBPF☆164Updated 11 months ago
- Detection in the form of Yara, Snort and ClamAV signatures.☆237Updated 9 months ago
- Library and tools to access the Windows XML Event Log (EVTX) format☆213Updated 11 months ago
- View ETW Provider manifest☆530Updated 9 months ago
- The common parts of the Sysinternals Sysmon tool shared between the Windows and Linux versions.☆64Updated 7 months ago
- Linpmem is a linux memory acquisition tool☆87Updated 2 months ago
- Security testing tools for Windows sandboxing technologies☆175Updated 3 months ago
- ebpfkit-monitor is a tool that detects and protects against eBPF powered rootkits☆135Updated 2 years ago
- Sysmon for Linux☆1,941Updated last month
- Anything Sysmon related from the MSTIC R&D team☆156Updated last year
- Linux Kernel Runtime Integrity with eBPF☆182Updated last year
- Arya is a unique tool that produces pseudo-malicious files meant to trigger YARA rules. You can think of it like a reverse YARA.☆255Updated 2 years ago
- capemon: CAPE's monitor☆125Updated last week
- SysmonX - An Augmented Drop-In Replacement of Sysmon☆215Updated 5 years ago
- A DTrace on Windows Reimplementation☆352Updated 6 months ago
- Dectect syscall hooking using eBPF☆161Updated 2 years ago
- Vault Exploit Defense☆129Updated 11 months ago
- Library and tools to access the Windows Prefetch File (SCCA) format.☆78Updated 8 months ago
- MSR Project Freta☆77Updated last year
- An eBPF playground☆207Updated last year
- Suricata Verification Tests - Testing Suricata Output☆112Updated last week
- Sysmon EDR POC Build within Powershell to prove ability.☆226Updated 4 years ago
- Visually inspect and force decode YARA and regex matches found in both binary and text data. With Colors.☆136Updated 3 weeks ago
- Prefetch Explorer Command Line☆261Updated 7 months ago