redcanaryco / redcanary-ebpf-sensorLinks
Red Canary's eBPF Sensor
☆109Updated 2 months ago
Alternatives and similar repositories for redcanary-ebpf-sensor
Users that are interested in redcanary-ebpf-sensor are comparing it to the libraries listed below
Sorting:
- ☆89Updated last year
- The Linux port of the Sysinternals Sysmon tool.☆274Updated last month
- Linux Kernel Runtime Integrity with eBPF☆181Updated last year
- ebpfkit-monitor is a tool that detects and protects against eBPF powered rootkits☆134Updated 2 years ago
- VED-eBPF: Kernel Exploit and Rootkit Detection using eBPF☆164Updated 11 months ago
- An eBPF detection program for CVE-2022-0847☆28Updated 3 years ago
- Entropy scanner for Linux to detect packed or encrypted binaries related to malware. Finds malicious files and Linux processes and gives …☆159Updated last year
- monitor and protect SSH sessions with eBPF☆70Updated 4 years ago
- Alternative YARA scanning engine☆72Updated 3 years ago
- bpflock - eBPF driven security for locking and auditing Linux machines☆149Updated 3 years ago
- convert ELF/DWARF symbol and type information into vol3's intermediate JSON☆130Updated 10 months ago
- Arya is a unique tool that produces pseudo-malicious files meant to trigger YARA rules. You can think of it like a reverse YARA.☆254Updated 2 years ago
- A collection of bypasses and exploits for eBPF-based cloud security.☆24Updated last year
- Linpmem is a linux memory acquisition tool☆87Updated 2 months ago
- YARI is an interactive debugger for YARA Language.☆88Updated 2 months ago
- An implementation of a Windows Event Collector server running on GNU/Linux.☆76Updated last week
- An eBPF playground☆207Updated last year
- SysFlow documentation and issues tracker☆46Updated 10 months ago
- Decloak Linux stealth rootkits hiding data with this simple memory mapped IO investigation tool.☆25Updated 2 years ago
- Anything Sysmon related from the MSTIC R&D team☆155Updated last year
- Sandfly Linux Stealth Rootkit Decloaking Utility☆102Updated 2 years ago
- Visually inspect and force decode YARA and regex matches found in both binary and text data. With Colors.☆136Updated 3 weeks ago
- Cisco Orbital - Osquery queries by Talos☆134Updated last year
- Linux endpoint events for BPF enabled systems☆24Updated 2 years ago
- Suricata Language Server is an implementation of the Language Server Protocol for Suricata signatures. It adds syntax check, hints and au…☆79Updated 2 months ago
- ebpfpub is a generic function tracing library for Linux that supports tracepoints, kprobes and uprobes.☆117Updated 2 years ago
- An ebpf based agent for monitoring security relevant events on Linux systems.☆34Updated last year
- Accurate, modular, scalable PCAP manipulation tool written in Go.☆94Updated last year
- Linux #rootkit and #malware revealer☆26Updated last year
- YARA rule metadata specification and validation utility / Spécification et validation pour les règles YARA☆106Updated 3 months ago