redcanaryco / redcanary-ebpf-sensorLinks
Red Canary's eBPF Sensor
☆111Updated 4 months ago
Alternatives and similar repositories for redcanary-ebpf-sensor
Users that are interested in redcanary-ebpf-sensor are comparing it to the libraries listed below
Sorting:
- ☆89Updated last year
- The Linux port of the Sysinternals Sysmon tool.☆277Updated last month
- Linux Kernel Runtime Integrity with eBPF☆183Updated last year
- VED-eBPF: Kernel Exploit and Rootkit Detection using eBPF☆166Updated last year
- ebpfkit-monitor is a tool that detects and protects against eBPF powered rootkits☆137Updated 2 years ago
- bpflock - eBPF driven security for locking and auditing Linux machines☆150Updated 3 years ago
- An eBPF playground☆208Updated last year
- Arya is a unique tool that produces pseudo-malicious files meant to trigger YARA rules. You can think of it like a reverse YARA.☆259Updated 2 years ago
- A collection of bypasses and exploits for eBPF-based cloud security.☆25Updated last year
- Entropy scanner for Linux to detect packed or encrypted binaries related to malware. Finds malicious files and Linux processes and gives …☆165Updated last year
- SysFlow documentation and issues tracker☆45Updated last year
- Sandfly Linux Stealth Rootkit Decloaking Utility☆105Updated 2 years ago
- Linpmem is a linux memory acquisition tool☆93Updated 4 months ago
- Anything Sysmon related from the MSTIC R&D team☆156Updated last year
- convert ELF/DWARF symbol and type information into vol3's intermediate JSON☆136Updated last year
- Dectect syscall hooking using eBPF☆162Updated 2 years ago
- Vault Exploit Defense☆127Updated last year
- An implementation of a Windows Event Collector server running on GNU/Linux.☆80Updated last week
- Alternative YARA scanning engine☆72Updated 3 years ago
- ebpfpub is a generic function tracing library for Linux that supports tracepoints, kprobes and uprobes.☆117Updated 2 years ago
- monitor and protect SSH sessions with eBPF☆70Updated 4 years ago
- An eBPF detection program for CVE-2022-0847☆28Updated 3 years ago
- Convert pcap files into richly-typed ZNG summary logs (Zeek, Suricata, and more)☆90Updated 5 months ago
- A collection of projects demonstrating various commandline cloaking techniques on Linux☆59Updated 3 years ago
- Open Source eBPF Malware Analysis Framework☆52Updated last year
- Linux endpoint events for BPF enabled systems☆24Updated 2 years ago
- Elastic's eBPF☆69Updated last month
- The Dissect module tying all other Dissect modules together. It provides a programming API and command line tools which allow easy access…☆75Updated last week
- An ebpf based agent for monitoring security relevant events on Linux systems.☆34Updated last year
- Elastic Security Labs releases☆81Updated 2 weeks ago