redcanaryco / redcanary-ebpf-sensorLinks
Red Canary's eBPF Sensor
☆109Updated 3 months ago
Alternatives and similar repositories for redcanary-ebpf-sensor
Users that are interested in redcanary-ebpf-sensor are comparing it to the libraries listed below
Sorting:
- ☆89Updated last year
- VED-eBPF: Kernel Exploit and Rootkit Detection using eBPF☆167Updated last year
- Linux Kernel Runtime Integrity with eBPF☆183Updated last year
- ebpfkit-monitor is a tool that detects and protects against eBPF powered rootkits☆137Updated 2 years ago
- The Linux port of the Sysinternals Sysmon tool.☆276Updated last week
- Entropy scanner for Linux to detect packed or encrypted binaries related to malware. Finds malicious files and Linux processes and gives …☆163Updated last year
- An eBPF playground☆207Updated last year
- bpflock - eBPF driven security for locking and auditing Linux machines☆150Updated 3 years ago
- An eBPF detection program for CVE-2022-0847☆28Updated 3 years ago
- Arya is a unique tool that produces pseudo-malicious files meant to trigger YARA rules. You can think of it like a reverse YARA.☆257Updated 2 years ago
- Linux endpoint events for BPF enabled systems☆24Updated 2 years ago
- Anything Sysmon related from the MSTIC R&D team☆156Updated last year
- Suricata Language Server is an implementation of the Language Server Protocol for Suricata signatures. It adds syntax check, hints and au…☆79Updated 3 months ago
- Dectect syscall hooking using eBPF☆162Updated 2 years ago
- Alternative YARA scanning engine☆72Updated 3 years ago
- convert ELF/DWARF symbol and type information into vol3's intermediate JSON☆133Updated 11 months ago
- An implementation of a Windows Event Collector server running on GNU/Linux.☆77Updated this week
- Cisco Orbital - Osquery queries by Talos☆135Updated last year
- Convert pcap files into richly-typed ZNG summary logs (Zeek, Suricata, and more)☆88Updated 5 months ago
- Linpmem is a linux memory acquisition tool☆88Updated 3 months ago
- YARI is an interactive debugger for YARA Language.☆89Updated 3 weeks ago
- monitor and protect SSH sessions with eBPF☆70Updated 4 years ago
- JA4TScan is an active TCP server fingerprinting tool.☆88Updated last year
- A collection of bypasses and exploits for eBPF-based cloud security.☆25Updated last year
- Open source endpoint agent providing host information to Zeek. [v2]☆86Updated 3 weeks ago
- The Dissect module tying all other Dissect modules together. It provides a programming API and command line tools which allow easy access…☆73Updated last week
- Linux #rootkit and #malware revealer☆27Updated last year
- Sandfly Linux Stealth Rootkit Decloaking Utility☆103Updated 2 years ago
- Elastic Security Labs releases☆82Updated 3 months ago
- pySigma Elasticsearch backend☆54Updated last week