microsoft / SysinternalsEBPF
The Linux port of the Sysinternals Sysmon tool.
☆271, updated last month
Alternatives and similar repositories for SysinternalsEBPF
Users that are interested in SysinternalsEBPF are comparing it to the libraries listed below
- Red Canary's eBPF Sensor (☆108, updated last month)
- convert ELF/DWARF symbol and type information into vol3's intermediate JSON (☆129, updated 9 months ago)
- Windows Registry Knowledge Base (☆177, updated 9 months ago)
- This repository contains the demo material built on top of ebpf-for-windows platform. (☆45, updated 10 months ago)
- A wireshark plugin to instrument ETW (☆561, updated 3 years ago)
- Library and tools to access the Windows XML Event Log (EVTX) format (☆212, updated 10 months ago)
- Anything Sysmon related from the MSTIC R&D team (☆154, updated last year)
- VED-eBPF: Kernel Exploit and Rootkit Detection using eBPF (☆163, updated 10 months ago)
- Detection in the form of Yara, Snort and ClamAV signatures. (☆232, updated 9 months ago)
- Sysmon for Linux (☆1,923, updated last month)
- MSR Project Freta (☆77, updated last year)
- Arya is a unique tool that produces pseudo-malicious files meant to trigger YARA rules. You can think of it like a reverse YARA. (☆253, updated 2 years ago)
- Linpmem is a linux memory acquisition tool (☆87, updated last month)
- Linux Kernel Runtime Integrity with eBPF (☆180, updated last year)
- Library and tools to access the Windows Prefetch File (SCCA) format. (☆76, updated 7 months ago)
- The Binarly Firmware Hunt (FwHunt) rule format was designed to scan for known vulnerabilities in UEFI firmware. (☆237, updated last year)
- The common parts of the Sysinternals Sysmon tool shared between the Windows and Linux versions. (☆63, updated 6 months ago)
- View ETW Provider manifest (☆520, updated 9 months ago)
- capemon: CAPE's monitor (☆124, updated this week)
- Vault Exploit Defense (☆128, updated 10 months ago)
- ebpfkit-monitor is a tool that detects and protects against eBPF powered rootkits (☆133, updated 2 years ago)
- $MFT directory tree reconstruction & FILE record info (☆307, updated 9 months ago)
- A DTrace on Windows Reimplementation (☆349, updated 6 months ago)
- Visually inspect and force decode YARA and regex matches found in both binary and text data. With Colors. (☆135, updated this week)
- An eBPF playground (☆206, updated last year)
- ETW Python Library (☆288, updated last year)
- Library and tools to access the Windows New Technology File System (NTFS) (☆213, updated last year)
- Prefetch Explorer Command Line (☆261, updated 6 months ago)