ebpfkit-monitor

eBPF detector

A tool designed to detect and protect against certain types of malicious eBPF bytecode

ebpfkit-monitor is a tool that detects and protects against eBPF powered rootkits

GitHub

125 stars
6 watching
17 forks
Language: C
last commit: almost 2 years ago
Linked from 1 awesome list

Topics: ebpf, kernel, linux, linux-kernel, linux-kernel-hacking, rootkit, runtime-security, security

Related projects:

| Repository | Description | Stars |
| --- | --- | --- |
| gui774ume/ebpfkit | A rootkit powered by eBPF designed to demonstrate offensive security techniques and bypass kernel protections. | 766 |
| ebpfdev/explorer | A tool to explore and visualize the eBPF subsystem of Linux hosts | 82 |
| vbpf/ebpf-verifier | A tool that verifies the correctness of eBPF programs using an abstract interpretation approach | 394 |
| h3xduck/triplecross | A Linux rootkit demonstrating the offensive capabilities of eBPF technology using various techniques such as backdoors, C2 channels and code injection. | 1,796 |
| redcanaryco/ebpfmon | Tool for monitoring and inspecting eBPF programs on Linux systems | 85 |
| ebpfdev/explorer-ui | A frontend application for exploring and interacting with eBPF (Extended Berkeley Packet Filter) systems | 2 |
| eunomia-bpf/eunomia-bpf | A toolchain to simplify building and running eBPF programs with CO-RE and WebAssembly support | 687 |
| pathtofile/bad-bpf | Demonstrates security vulnerabilities in the Linux kernel's eBPF system | 556 |
| redcanaryco/redcanary-ebpf-sensor | A collection of eBPF applications designed to gather system events for a Linux EDR solution | 101 |
| rprinz08/hbpf | An experiment to implement eBPF features in hardware using alternate HDLs and cheap development boards | 402 |
| kindlingproject/kindling | An eBPF-based monitoring tool for Kubernetes applications. | 1,132 |
| iovisor/ubpf | An eBPF VM that allows userspace execution of eBPF programs in a Linux kernel-independent way. | 841 |
| linux-lock/bpflock | A security solution using eBPF to restrict Linux access and protect against attacks | 138 |
| tw4452852/zbpf | A tool that enables writing eBPF programs with strong type systems in Zig. | 125 |
| fzakaria/ebpf-mpls-encap-decap | Demonstrates packet encapsulation and decapsulation with MPLS labels using eBPF | 54 |