ebpfkit
Rootkit
A rootkit powered by eBPF designed to demonstrate offensive security techniques and bypass kernel protections.
ebpfkit is a rootkit powered by eBPF
766 stars
18 watching
92 forks
Language: C
last commit: almost 2 years ago
Linked from 2 awesome lists
ebpfkernellinuxlinux-kernellinux-kernel-hackingrootkitruntime-securitysecurity
zoidyzoidzoid/awesome-ebpf
karneades/awesome-malware-persistenceRelated projects:
| Repository | Description | Stars |
|---|---|---|
| gui774ume/ebpfkit-monitor | A tool designed to detect and protect against certain types of malicious eBPF bytecode | 125 |
 h3xduck/triplecross | A Linux rootkit demonstrating the offensive capabilities of eBPF technology using various techniques such as backdoors, C2 channels and code injection. | 1,796 |
 eterna1/puszek-rootkit | A Linux rootkit that hooks the system call table to hide files and processes. | 157 |
 eversinc33/banshee | A Windows kernel rootkit with anti-rootkit evasion features and keylogging capabilities. | 502 |
 pathtofile/bad-bpf | Demonstrates security vulnerabilities in the Linux kernel's eBPF system | 556 |
 eunomia-bpf/eunomia-bpf | A toolchain to simplify building and running eBPF programs with CO-RE and WebAssembly support | 687 |
 d4stiny/spectre | A proof-of-concept Windows kernel-mode rootkit designed to demonstrate legitimate communication channel exploitation for remote control. | 685 |
 mempodippy/vlany | A Linux rootkit designed to evade detection and maintain persistence on compromised systems | 947 |
 ebpfdev/explorer | A tool to explore and visualize the eBPF subsystem of Linux hosts | 82 |
 rprinz08/hbpf | An experiment to implement eBPF features in hardware using alternate HDLs and cheap development boards | 403 |
 yaoyumeng/adore-ng | A Linux rootkit adapted for 2.6 and 3.x kernel versions | 206 |
 iovisor/ubpf | An eBPF VM that allows userspace execution of eBPF programs in a Linux kernel-independent way. | 841 |
 tw4452852/zbpf | A tool that enables writing eBPF programs with strong type systems in Zig. | 125 |
 linux-lock/bpflock | A security solution using eBPF to restrict Linux access and protect against attacks | 138 |
 generic-ebpf/generic-ebpf | An eBPF runtime framework providing a portable interpreter, JIT compiler, and abstraction layer for interacting with various eBPF systems | 149 |