redcanaryco / redcanary-ebpf-sensorLinks
Red Canary's eBPF Sensor
☆108Updated last month
Alternatives and similar repositories for redcanary-ebpf-sensor
Users that are interested in redcanary-ebpf-sensor are comparing it to the libraries listed below
Sorting:
- ☆89Updated last year
- The Linux port of the Sysinternals Sysmon tool.☆271Updated 3 weeks ago
- Linux Kernel Runtime Integrity with eBPF☆180Updated last year
- VED-eBPF: Kernel Exploit and Rootkit Detection using eBPF☆163Updated 10 months ago
- ebpfkit-monitor is a tool that detects and protects against eBPF powered rootkits☆133Updated 2 years ago
- Linpmem is a linux memory acquisition tool☆87Updated last month
- Arya is a unique tool that produces pseudo-malicious files meant to trigger YARA rules. You can think of it like a reverse YARA.☆253Updated 2 years ago
- Anything Sysmon related from the MSTIC R&D team☆154Updated last year
- An eBPF detection program for CVE-2022-0847☆28Updated 3 years ago
- Alternative YARA scanning engine☆72Updated 2 years ago
- Entropy scanner for Linux to detect packed or encrypted binaries related to malware. Finds malicious files and Linux processes and gives …☆158Updated last year
- An eBPF playground☆206Updated last year
- monitor and protect SSH sessions with eBPF☆70Updated 4 years ago
- An implementation of a Windows Event Collector server running on GNU/Linux.☆76Updated this week
- YARI is an interactive debugger for YARA Language.☆88Updated last month
- A collection of bypasses and exploits for eBPF-based cloud security.☆24Updated last year
- bpflock - eBPF driven security for locking and auditing Linux machines☆149Updated 3 years ago
- The Dissect module tying all other Dissect modules together. It provides a programming API and command line tools which allow easy access…☆71Updated this week
- SysFlow documentation and issues tracker☆46Updated 10 months ago
- Suricata Language Server is an implementation of the Language Server Protocol for Suricata signatures. It adds syntax check, hints and au…☆78Updated last month
- Cisco Orbital - Osquery queries by Talos☆134Updated 11 months ago
- convert ELF/DWARF symbol and type information into vol3's intermediate JSON☆128Updated 9 months ago
- Sandfly Linux Stealth Rootkit Decloaking Utility☆101Updated 2 years ago
- Open source endpoint agent providing host information to Zeek. [v2]☆85Updated 3 weeks ago
- Elastic's eBPF☆69Updated 3 weeks ago
- simple YARA-based IOC scanner☆169Updated this week
- A collection of projects demonstrating various commandline cloaking techniques on Linux☆58Updated 2 years ago
- Linux #rootkit and #malware revealer☆26Updated last year
- Dectect syscall hooking using eBPF☆159Updated 2 years ago
- Convert pcap files into richly-typed ZNG summary logs (Zeek, Suricata, and more)☆83Updated 3 months ago