ebpfkit-monitor
eBPF detector
A tool designed to detect and protect against certain types of malicious eBPF bytecode
ebpfkit-monitor is a tool that detects and protects against eBPF-powered rootkits
123 stars
6 watching
17 forks
Language: C
last commit: over 1 year ago
Linked from 1 awesome list
ebpf, kernel, linux, linux-kernel, linux-kernel-hacking, rootkit, runtime-security, security
Related projects:
Repository | Description | Stars |
---|---|---|
gui774ume/ebpfkit | A rootkit powered by eBPF designed to demonstrate offensive security techniques and bypass kernel protections. | 761 |
ebpfdev/explorer | A tool to explore and visualize the eBPF subsystem of Linux hosts | 81 |
vbpf/ebpf-verifier | A tool that verifies the correctness of eBPF programs using an abstract interpretation approach | 391 |
h3xduck/triplecross | A Linux rootkit demonstrating the offensive capabilities of eBPF technology using various techniques such as backdoors, C2 channels and code injection. | 1,786 |
redcanaryco/ebpfmon | Tool for monitoring and inspecting eBPF programs on Linux systems | 84 |
ebpfdev/explorer-ui | A frontend application for exploring and interacting with eBPF (Extended Berkeley Packet Filter) systems | 2 |
eunomia-bpf/eunomia-bpf | A toolchain to simplify building and running eBPF programs with CO-RE and WebAssembly support | 681 |
pathtofile/bad-bpf | Demonstrates security vulnerabilities in the Linux kernel's eBPF system | 549 |
redcanaryco/redcanary-ebpf-sensor | A collection of eBPF applications designed to gather system events for a Linux EDR solution | 101 |
rprinz08/hbpf | An experiment to implement eBPF features in hardware using alternate HDLs and cheap development boards | 402 |
kindlingproject/kindling | An eBPF-based monitoring tool for Kubernetes applications. | 1,122 |
iovisor/ubpf | An eBPF VM that allows userspace execution of eBPF programs in a Linux kernel-independent way. | 832 |
linux-lock/bpflock | A security solution using eBPF to restrict Linux access and protect against attacks | 136 |
tw4452852/zbpf | A tool that enables writing eBPF programs with strong type systems in Zig. | 122 |
fzakaria/ebpf-mpls-encap-decap | Demonstrates packet encapsulation and decapsulation with MPLS labels using eBPF | 53 |