Dectect syscall hooking using eBPF
☆169Apr 28, 2023Updated 2 years ago
Alternatives and similar repositories for bpf-hookdetect
Users that are interested in bpf-hookdetect are comparing it to the libraries listed below
Sorting:
- Rootkit breaker - experimental Linux anti-rootkit tool based on kprobes☆12Sep 30, 2020Updated 5 years ago
- ☆15Jun 24, 2021Updated 4 years ago
- Trace deep kernel events through eBPF and lsm hooks☆42Feb 9, 2021Updated 5 years ago
- Disable SSL certificate verification for all binaries that use libssl☆48Jul 15, 2022Updated 3 years ago
- deobfuscation BR☆55Mar 4, 2024Updated 2 years ago
- Red Canary's eBPF Sensor☆113Updated this week
- Rootkit spotter - experimental Linux rootkit finder LKM☆30Oct 11, 2020Updated 5 years ago
- Red-Team LKM☆636Dec 16, 2025Updated 3 months ago
- bpflock - eBPF driven security for locking and auditing Linux machines☆151Feb 16, 2022Updated 4 years ago
- Trace jni calls with eBPF on Android☆24Jun 21, 2022Updated 3 years ago
- A Linux Host-based Intrusion Detection System based on eBPF.☆458Dec 20, 2023Updated 2 years ago
- A collection of eBPF programs demonstrating bad behavior, presented at DEF CON 29☆684Jul 7, 2024Updated last year
- A Project for people to study android svc.☆25Aug 12, 2022Updated 3 years ago
- Rootkit☆24Nov 15, 2014Updated 11 years ago
- A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.☆1,949Apr 7, 2024Updated last year
- Linux eBPF backdoor over TCP. Spawn reverse shells, RCE, on prior privileged access. Less Honkin, More Tonkin.☆1,665Oct 19, 2023Updated 2 years ago
- ☆29May 13, 2025Updated 10 months ago
- ebpfkit is a rootkit powered by eBPF☆839Feb 28, 2023Updated 3 years ago
- openssl tracer using eBPF☆16Jan 4, 2026Updated 2 months ago
- WIP☆15Jan 13, 2022Updated 4 years ago
- LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64)☆2,277Mar 10, 2026Updated last week
- A golang ebpf libary based on cilium/ebpf and datadog/ebpf.☆348May 18, 2025Updated 10 months ago
- ☆12Dec 16, 2022Updated 3 years ago
- 修复通过FART dump下来的dex☆29Aug 1, 2020Updated 5 years ago
- ☆49Mar 19, 2022Updated 4 years ago
- In-memory ELF shared library loading☆46Dec 18, 2022Updated 3 years ago
- ☆58Nov 10, 2021Updated 4 years ago
- silent syscall hooking without modifying sys_call_table/handlers via patching exception handler☆153Apr 22, 2024Updated last year
- Inject remote process without using ptrace on linux based system☆19Apr 26, 2022Updated 3 years ago
- Inotify监听测试☆35Apr 17, 2022Updated 3 years ago
- Remap a library to avoid detection☆132Feb 1, 2024Updated 2 years ago
- 基于JVMTI实现的Android端动态代码注入工具☆40May 10, 2024Updated last year
- Human-friendly cross-platform system call tracing and hooking library based on Frida's Stalker☆356Jul 21, 2023Updated 2 years ago
- CVE-2022-23222: Linux Kernel eBPF Local Privilege Escalation☆579Jun 7, 2022Updated 3 years ago
- smali trace☆207May 22, 2022Updated 3 years ago
- Tools and Materials for the Frida Engage Blog Series☆45Mar 28, 2018Updated 7 years ago
- IDA plugin that displays the P-code for the current function☆72Nov 18, 2025Updated 4 months ago
- ☆16Feb 27, 2026Updated 3 weeks ago
- VED-eBPF: Kernel Exploit and Rootkit Detection using eBPF☆170Sep 7, 2024Updated last year