microsoft/SysinternalsEBPF external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

microsoft/SysinternalsEBPF

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/microsoft/SysinternalsEBPF)

Close

microsoft / SysinternalsEBPFView on GitHubMore

• External links
• Readme badge

The Linux port of the Sysinternals Sysmon tool.

☆284May 7, 2026Updated last month

Alternatives and similar repositories for SysinternalsEBPF

Users that are interested in SysinternalsEBPF are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• microsoft / SysmonForLinux

  View on GitHub
  Sysmon for Linux
  ☆2,120Updated this week
• microsoft / SysmonCommon

  View on GitHub
  The common parts of the Sysinternals Sysmon tool shared between the Windows and Linux versions.
  ☆63Apr 23, 2026Updated 2 months ago
• microsoft / ProcMon-for-Linux

  View on GitHub
  A Linux version of the Procmon Sysinternals tool
  ☆4,700May 7, 2026Updated last month
• Sysinternals / sysinternals

  View on GitHub
  Content for sysinternals.com
  ☆84Oct 26, 2019Updated 6 years ago
• Chuyu-Team / woflib

  View on GitHub
  An open source library for operating the Windows Overlay Filter driver.
  ☆22Jan 16, 2019Updated 7 years ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
• microsoft / ProcDump-for-Linux

  View on GitHub
  A Linux version of the ProcDump Sysinternals tool
  ☆3,074Jun 16, 2026Updated last week
• chenyueqi / hotBPF

  View on GitHub
  ☆15Apr 28, 2023Updated 3 years ago
• Gui774ume / ebpfkit

  View on GitHub
  ebpfkit is a rootkit powered by eBPF
  ☆849Feb 28, 2023Updated 3 years ago
• trailofbits / ebpfpub

  View on GitHub
  ebpfpub is a generic function tracing library for Linux that supports tracepoints, kprobes and uprobes.
  ☆124Jun 22, 2026Updated last week
• fvasquez / ply-bbb

  View on GitHub
  eBPF kernels and user space tools for BeagleBone SBCs
  ☆10Jan 16, 2022Updated 4 years ago
• DFIR-ORC / dfir-orc-config

  View on GitHub
  Configurations for DFIR ORC
  ☆28Jun 11, 2026Updated 2 weeks ago
• EricZimmerman / GuidMapping

  View on GitHub
  ☆25Apr 26, 2026Updated 2 months ago
• pathtofile / bpf-hookdetect

  View on GitHub
  Dectect syscall hooking using eBPF
  ☆168Apr 28, 2023Updated 3 years ago
• olafhartong / sysmon-modular

  View on GitHub
  A repository of sysmon configuration modules
  ☆3,062Aug 21, 2024Updated last year
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
• dylandreimerink / gobpfld

  View on GitHub
  GoBPFLD is a pure go eBPF loader/userspace library
  ☆20Feb 5, 2022Updated 4 years ago
• Asphaltt / iptables-trace

  View on GitHub
  iptables-trace is an eBPF enhanced iptables-TRACE alternative iptables TRACE. GPL-3.0 license
  ☆14Feb 3, 2025Updated last year
• xorrior / xpcutil

  View on GitHub
  Golang Tool to interact with Launchd and other services with XPC
  ☆28May 7, 2020Updated 6 years ago
• chriskaliX / Hades

  View on GitHub
  Hades is a Host-Based Intrusion Detection System based on eBPF(mainly)
  ☆304May 24, 2026Updated last month
• davehull / Get-StakRank

  View on GitHub
  A Powershell script for frequency analysis of separated values data files.
  ☆17Jan 22, 2014Updated 12 years ago
• daveherrald / SA_plaso-app-for-splunk

  View on GitHub
  ☆16Apr 16, 2017Updated 9 years ago
• microsoft / ebpf-for-windows

  View on GitHub
  eBPF implementation that runs on top of Windows
  ☆3,507Jun 20, 2026Updated last week
• daniellowrie / sweeper

  View on GitHub
  Host Discovery Tool
  ☆10Jan 17, 2022Updated 4 years ago
• est357 / owlk8s

  View on GitHub
  A K8s ClusterIP HTTP monitoring library based on eBPF
  ☆18May 23, 2021Updated 5 years ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
• apriorit / backup_filter_driver_sample

  View on GitHub
  ☆13Apr 30, 2020Updated 6 years ago
• vmware-archive / kernel-event-collector-module

  View on GitHub
  This is the Linux kernel module event collector for the Carbon Black Cloud.
  ☆19Aug 4, 2023Updated 2 years ago
• vmware-archive / cbsensor-linux-kmod

  View on GitHub
  Linux Kernel module for Carbon Black EDR
  ☆12Dec 11, 2020Updated 5 years ago
• h3xduck / TripleCross

  View on GitHub
  A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.
  ☆1,961Apr 7, 2024Updated 2 years ago
• taterhead / PCAP-Index

  View on GitHub
  Set of scripts to index PCAP files and retrieve packets
  ☆14Sep 10, 2015Updated 10 years ago
• chentao-kernel / spycat

  View on GitHub
  An eBPF kernel Observable Agent To Spy Performance Issue On OS.
  ☆13Oct 31, 2025Updated 7 months ago
• linux-lock / bpflock

  View on GitHub
  bpflock - eBPF driven security for locking and auditing Linux machines
  ☆153Feb 16, 2022Updated 4 years ago
• trailofbits / RpcInvestigator

  View on GitHub
  Exploring RPC interfaces on Windows
  ☆359Jan 30, 2024Updated 2 years ago
• redcanaryco / ebpfmon

  View on GitHub
  ☆91Dec 5, 2025Updated 6 months ago
• Open source password manager - Proton Pass • Ad
  Securely store, share, and autofill your credentials with Proton Pass, the end-to-end encrypted password manager trusted by millions.
• HarfangLab / iocs

  View on GitHub
  Indicators of compromise
  ☆20May 18, 2026Updated last month
• 0xdidu / Presentations

  View on GitHub
  ☆13Dec 26, 2022Updated 3 years ago
• zeek / zeek-agent

  View on GitHub
  This project is no longer maintained. There's a successor at https://github.com/zeek/zeek-agent-v2
  ☆122Nov 19, 2020Updated 5 years ago
• trustedsec / SysmonCommunityGuide

  View on GitHub
  TrustedSec Sysinternals Sysmon Community Guide
  ☆1,421Feb 10, 2026Updated 4 months ago
• elastic / protections-artifacts

  View on GitHub
  Elastic Security detection content for Endpoint
  ☆1,444Updated this week
• Gui774ume / krie

  View on GitHub
  Linux Kernel Runtime Integrity with eBPF
  ☆186Nov 23, 2023Updated 2 years ago
• silascutler / DetuxNG

  View on GitHub
  The Multiplatform Linux Sandbox
  ☆16Dec 19, 2023Updated 2 years ago