275 Open source projects that are alternatives of or similar to ebpfkit

ebpfkit-monitor is a tool that detects and protects against eBPF powered rootkits

🐝 BPFBox 📦 Exploring process confinement in eBPF

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)

Prometheus exporter for custom eBPF metrics

An example rootkit that gives a userland process root permissions

You came here so you could have a base code to serve you as an example on how to develop a BPF application, compatible to BCC and/or LIBBPF, specially LIBBPF, having the userland part made in C or PYTHON.

一个深挖 Linux 内核的新功能特性，以 io_uring, cgroup, ebpf, llvm 为代表，包含开源项目，代码案例，文章，视频，架构脑图等

🔓 x86 Linux Kernel rootkit for Debian 9 (4.9.0-11-686-pae)

awesome-linux-rootkits

[Deplicated] Now we have more sophisticated (and compact) implementation in ipftrace2 repository. Please check it as well.

A LKM rootkit targeting 4.x and 5.x kernel versions which opens a backdoor that can spawn a reverse shell to a remote host, launch malware and more.

How to be low-level programmer

Collection of Linux Kernel Modules and PoC to discover, learn and practice Linux Kernel Development

A packet oriented Linux kernel function call tracer

eBPF/XDP-based software framework for fast network services running in the Linux kernel.

windows kernel security development

Listen to Tux's heartbeat with this awesome Linux Kernel Module ❤️

Shadow-Box: Lightweight and Practical Kernel Protector for ARM (Presented at BlackHat Asia 2018)

This is the list of all rootkits found so far on github and other sites.

Linux v4.x.x Rootkit

Virtual Linux block device driver for simulating and performing I/O.

Windows driver with usermode interface which can hide objects of file-system and registry, protect processes and etc

Linux rootkit for Ubuntu 16.04 and 10.04 (Linux Kernels 4.4.0 and 2.6.32), both i386 and amd64

Un poco de información acerca del kernel Linux

This tool will setting up your backdoor/rootkits when backdoor already setup it will be hidden your spesisifc process,unlimited your session in metasploit and transparent. Even when it killed, it will re-run again. There always be a procces which while run another process,So we can assume that this procces is unstopable like a Ghost in The Shell

linux post-exploitation framework made by linux user

Windows Rootkit written in Python

Embedded Linux Education Kit

Rust bindings to libbpf from the Linux kernel

Draft of generic instrumentation tool based on QEMU using eBPF to implement trivial instrumentations with trivial code

Open Source runtime tool which help to detect malware code execution and run time mis-configuration change on a kubernetes cluster

💣 just for fun ¯\_(ツ)_/¯

PCI Express DIY hacking toolkit for Xilinx SP605

Webshell && Backdoor Collection

Linux LD_PRELOAD rootkit (x86 and x86_64 architectures)

natickOS - A minimal, lightweight, research Linux Distribution

Kernel profiler based on perf_event and ebpf

LD_PRELOAD rootkit

Hypervisor Memory Introspection Core Library

LD_PRELOAD Linux rootkit (x86 & ARM)

A basic Direct Kernel Object Manipulation rootkit that removes a process from the EPROCESS list, hiding it from the Task Manager

This is a demo project to illustrate the way to verify and restore original SST in case of some malware hooks

Linux Rootkits (4.x Kernel)

Your interpreter isn’t safe anymore  —  The PHP module backdoor

Elastic's eBPF

Rootkit Detector for UNIX

Tool to generate a Linux kernel module for custom rules with Netfilter hooking. (block ports, Hidden mode, functions to protect etc)

Example of hooking a linux systemcall

ld_preload userland rootkit

Shadow-Box: Lightweight and Practical Kernel Protector for x86 (Presented at BlackHat Asia 2017/2018, beVX 2018 and HITBSecConf 2017)

Reverse shell and rootkit

SMM rootkit similar to LoJax or MosaicRegressor

Pendulum Kernel (old Rebirth) based on LE.UM.3.2.2.r1.1 CAF with google-common merged in for Xiaomi Poco F1 and Mi 8 with LTO, CFI and SCS enabled.

A tool that automates booting of operating systems on target hardware or in qemu

A rootkit for Android. Based on "Android platform based linux kernel rootkit" from Phrack Issue 68

Resolve DOS MZ executable symbols at runtime

A local LKM rootkit loader/dropper that lists available security mechanisms

Rootkits | Backdoors | Sniffers | Virus | Ransomware | Steganography | Cryptography | Shellcodes | Webshells | Keylogger | Botnets | Worms | Other Network Tools

A Python 3 standalone Windows 10 / Linux Rootkit using Tor.

BCC port for MRI - this is unofficial bonsai project.