Dectect syscall hooking using eBPF
☆169Apr 28, 2023Updated 2 years ago
Alternatives and similar repositories for bpf-hookdetect
Users that are interested in bpf-hookdetect are comparing it to the libraries listed below
Sorting:
- Rootkit breaker - experimental Linux anti-rootkit tool based on kprobes☆12Sep 30, 2020Updated 5 years ago
- ☆15Jun 24, 2021Updated 4 years ago
- Disable SSL certificate verification for all binaries that use libssl☆48Jul 15, 2022Updated 3 years ago
- Trace deep kernel events through eBPF and lsm hooks☆42Feb 9, 2021Updated 5 years ago
- bpflock - eBPF driven security for locking and auditing Linux machines☆151Feb 16, 2022Updated 4 years ago
- Red Canary's eBPF Sensor☆113Jun 10, 2025Updated 8 months ago
- A collection of eBPF programs demonstrating bad behavior, presented at DEF CON 29☆683Jul 7, 2024Updated last year
- Red-Team LKM☆637Dec 16, 2025Updated 2 months ago
- deobfuscation BR☆54Mar 4, 2024Updated last year
- Trace jni calls with eBPF on Android☆24Jun 21, 2022Updated 3 years ago
- A Linux Host-based Intrusion Detection System based on eBPF.☆457Dec 20, 2023Updated 2 years ago
- silent syscall hooking without modifying sys_call_table/handlers via patching exception handler☆152Apr 22, 2024Updated last year
- A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.☆1,942Apr 7, 2024Updated last year
- ☆49Mar 19, 2022Updated 3 years ago
- A Project for people to study android svc.☆25Aug 12, 2022Updated 3 years ago
- Linux eBPF backdoor over TCP. Spawn reverse shells, RCE, on prior privileged access. Less Honkin, More Tonkin.☆1,662Oct 19, 2023Updated 2 years ago
- ebpfkit is a rootkit powered by eBPF☆837Feb 28, 2023Updated 3 years ago
- Tricard - Malware Sandbox Fingerprinting☆23Dec 11, 2023Updated 2 years ago
- 修复通过FART dump下来的dex☆29Aug 1, 2020Updated 5 years ago
- Rootkit spotter - experimental Linux rootkit finder LKM☆30Oct 11, 2020Updated 5 years ago
- ☆58Nov 10, 2021Updated 4 years ago
- CVE-2022-23222: Linux Kernel eBPF Local Privilege Escalation☆579Jun 7, 2022Updated 3 years ago
- openssl tracer using eBPF☆16Jan 4, 2026Updated last month
- LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64)☆2,264Jan 24, 2026Updated last month
- Human-friendly cross-platform system call tracing and hooking library based on Frida's Stalker☆356Jul 21, 2023Updated 2 years ago
- IDA plugin that displays the P-code for the current function☆72Nov 18, 2025Updated 3 months ago
- WIP☆15Jan 13, 2022Updated 4 years ago
- ☆16Updated this week
- ☆12Dec 16, 2022Updated 3 years ago
- Inotify监听测试☆35Apr 17, 2022Updated 3 years ago
- Inject remote process without using ptrace on linux based system☆19Apr 26, 2022Updated 3 years ago
- Linux Kernel Runtime Integrity with eBPF☆184Nov 23, 2023Updated 2 years ago
- Tools and Materials for the Frida Engage Blog Series☆45Mar 28, 2018Updated 7 years ago
- An eBPF playground☆210Dec 12, 2023Updated 2 years ago
- stupid ptrace tricks☆12May 19, 2021Updated 4 years ago
- Simple Android ARM&ARM64 GOT Hook☆37Jun 8, 2022Updated 3 years ago
- smali trace☆207May 22, 2022Updated 3 years ago
- monitor and protect SSH sessions with eBPF☆73Jul 2, 2021Updated 4 years ago
- A golang ebpf libary based on cilium/ebpf and datadog/ebpf.☆348May 18, 2025Updated 9 months ago