microsoft / SysinternalsEBPFLinks
The Linux port of the Sysinternals Sysmon tool.
☆263Updated 3 months ago
Alternatives and similar repositories for SysinternalsEBPF
Users that are interested in SysinternalsEBPF are comparing it to the libraries listed below
Sorting:
- Red Canary's eBPF Sensor☆107Updated last week
- convert ELF/DWARF symbol and type information into vol3's intermediate JSON☆122Updated 8 months ago
- Standard collection of rules for capa: the tool for enumerating the capabilities of programs☆591Updated 2 weeks ago
- Sysmon for Linux☆1,900Updated last month
- Anything Sysmon related from the MSTIC R&D team☆153Updated last year
- Detection in the form of Yara, Snort and ClamAV signatures.☆228Updated 7 months ago
- Linux Kernel Runtime Integrity with eBPF☆179Updated last year
- VED-eBPF: Kernel Exploit and Rootkit Detection using eBPF☆158Updated 9 months ago
- ebpfkit-monitor is a tool that detects and protects against eBPF powered rootkits☆132Updated 2 years ago
- View ETW Provider manifest☆498Updated 7 months ago
- A wireshark plugin to instrument ETW☆560Updated 3 years ago
- A DTrace on Windows Reimplementation☆348Updated 4 months ago
- capemon: CAPE's monitor☆122Updated last week
- Library and tools to access the Windows XML Event Log (EVTX) format☆206Updated 8 months ago
- Linpmem is a linux memory acquisition tool☆84Updated last year
- This repository contains the demo material built on top of ebpf-for-windows platform.☆43Updated 9 months ago
- Sysmon EDR POC Build within Powershell to prove ability.☆225Updated 4 years ago
- Windows Registry Knowledge Base☆175Updated 8 months ago
- Arya is a unique tool that produces pseudo-malicious files meant to trigger YARA rules. You can think of it like a reverse YARA.☆249Updated 2 years ago
- Automated YARA Rule Standardization and Quality Assurance Tool☆225Updated this week
- Event Tracing For Windows (ETW) Resources☆389Updated 8 months ago
- Dectect syscall hooking using eBPF☆155Updated 2 years ago
- Distributed malware processing framework based on Python, Redis and S3.☆430Updated 2 weeks ago
- $MFT directory tree reconstruction & FILE record info☆305Updated 8 months ago
- MSR Project Freta☆78Updated 11 months ago
- Suricata Verification Tests - Testing Suricata Output☆109Updated last week
- An NTFS/FAT parser for digital forensics & incident response☆203Updated 7 months ago
- Collection of private Yara rules.☆357Updated 2 months ago
- Collection of rules created using YARA-Signator over Malpedia☆130Updated 7 months ago
- Convert pcap files into richly-typed ZNG summary logs (Zeek, Suricata, and more)☆82Updated last month