microsoft / SysinternalsEBPFLinks
The Linux port of the Sysinternals Sysmon tool.
☆277Updated last month
Alternatives and similar repositories for SysinternalsEBPF
Users that are interested in SysinternalsEBPF are comparing it to the libraries listed below
Sorting:
- Red Canary's eBPF Sensor☆111Updated 4 months ago
- convert ELF/DWARF symbol and type information into vol3's intermediate JSON☆136Updated last year
- Windows Registry Knowledge Base☆186Updated 2 weeks ago
- This repository contains the demo material built on top of ebpf-for-windows platform.☆45Updated last year
- Linux Kernel Runtime Integrity with eBPF☆183Updated last year
- ☆89Updated last year
- VED-eBPF: Kernel Exploit and Rootkit Detection using eBPF☆167Updated last year
- Detection in the form of Yara, Snort and ClamAV signatures.☆237Updated 11 months ago
- ebpfkit-monitor is a tool that detects and protects against eBPF powered rootkits☆138Updated 2 years ago
- Anything Sysmon related from the MSTIC R&D team☆156Updated last year
- Linpmem is a linux memory acquisition tool☆94Updated 4 months ago
- A wireshark plugin to instrument ETW☆573Updated 3 years ago
- capemon: CAPE's monitor☆130Updated last week
- The Binarly Firmware Hunt (FwHunt) rule format was designed to scan for known vulnerabilities in UEFI firmware.☆241Updated last year
- Library and tools to access the Windows XML Event Log (EVTX) format☆215Updated last year
- Arya is a unique tool that produces pseudo-malicious files meant to trigger YARA rules. You can think of it like a reverse YARA.☆259Updated 2 years ago
- The common parts of the Sysinternals Sysmon tool shared between the Windows and Linux versions.☆64Updated 9 months ago
- MSR Project Freta☆77Updated last year
- ☆150Updated last year
- Dectect syscall hooking using eBPF☆164Updated 2 years ago
- ebpfpub is a generic function tracing library for Linux that supports tracepoints, kprobes and uprobes.☆117Updated 2 years ago
- View ETW Provider manifest☆541Updated 11 months ago
- An eBPF playground☆209Updated last year
- Vault Exploit Defense☆127Updated last year
- Library and tools to access the Windows Prefetch File (SCCA) format.☆80Updated last month
- Security testing tools for Windows sandboxing technologies☆173Updated 5 months ago
- Sysmon for Linux☆1,981Updated 3 months ago
- Tools for analyzing UEFI firmware and checking UEFI modules with FwHunt rules☆237Updated 5 months ago
- Automatically generate AV byte signatures from sets of similar binaries.☆282Updated 10 months ago
- SysmonX - An Augmented Drop-In Replacement of Sysmon☆214Updated 6 years ago