275 Open source projects that are alternatives of or similar to ebpfkit-monitor

ebpfkit is a rootkit powered by eBPF

🐝 BPFBox 📦 Exploring process confinement in eBPF

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)

Prometheus exporter for custom eBPF metrics

An example rootkit that gives a userland process root permissions

A LKM rootkit targeting 4.x and 5.x kernel versions which opens a backdoor that can spawn a reverse shell to a remote host, launch malware and more.

[Deplicated] Now we have more sophisticated (and compact) implementation in ipftrace2 repository. Please check it as well.

eBPF/XDP-based software framework for fast network services running in the Linux kernel.

Collection of Linux Kernel Modules and PoC to discover, learn and practice Linux Kernel Development

awesome-linux-rootkits

You came here so you could have a base code to serve you as an example on how to develop a BPF application, compatible to BCC and/or LIBBPF, specially LIBBPF, having the userland part made in C or PYTHON.

How to be low-level programmer

一个深挖 Linux 内核的新功能特性，以 io_uring, cgroup, ebpf, llvm 为代表，包含开源项目，代码案例，文章，视频，架构脑图等

A packet oriented Linux kernel function call tracer

🔓 x86 Linux Kernel rootkit for Debian 9 (4.9.0-11-686-pae)

a summary of linux rootkits published on GitHub

This module allows one to kill TCP sockets (including TIME-WAIT state).

windows kernel security development

Shadow-Box: Lightweight and Practical Kernel Protector for ARM (Presented at BlackHat Asia 2018)

A minimalist Linux .config for Dell XPS 9560 (2017 edition).

Listen to Tux's heartbeat with this awesome Linux Kernel Module ❤️

This is the list of all rootkits found so far on github and other sites.

Windows driver with usermode interface which can hide objects of file-system and registry, protect processes and etc

Virtual Linux block device driver for simulating and performing I/O.

Linux rootkit for Ubuntu 16.04 and 10.04 (Linux Kernels 4.4.0 and 2.6.32), both i386 and amd64

This tool will setting up your backdoor/rootkits when backdoor already setup it will be hidden your spesisifc process,unlimited your session in metasploit and transparent. Even when it killed, it will re-run again. There always be a procces which while run another process,So we can assume that this procces is unstopable like a Ghost in The Shell

www.rootkit.com users section mirror, sql database dump, and a few other files/rootkits.

BCC port for MRI - this is unofficial bonsai project.

Windows Rootkit written in Python

Pendulum Kernel (old Rebirth) based on LE.UM.3.2.2.r1.1 CAF with google-common merged in for Xiaomi Poco F1 and Mi 8 with LTO, CFI and SCS enabled.

Embedded Linux Education Kit

No description or website provided.

Linux v4.x.x Rootkit

Hypervisor Memory Introspection Core Library

linux post-exploitation framework made by linux user

Webshell && Backdoor Collection

This is a demo project to illustrate the way to verify and restore original SST in case of some malware hooks

Linux LD_PRELOAD rootkit (x86 and x86_64 architectures)

Rust bindings to libbpf from the Linux kernel

Kernel profiler based on perf_event and ebpf

PCI Express DIY hacking toolkit for Xilinx SP605

💣 just for fun ¯\_(ツ)_/¯

LD_PRELOAD rootkit

A basic Direct Kernel Object Manipulation rootkit that removes a process from the EPROCESS list, hiding it from the Task Manager

LD_PRELOAD Linux rootkit (x86 & ARM)

Linux Rootkits (4.x Kernel)

Un poco de información acerca del kernel Linux

Rootkit Detector for UNIX

Your interpreter isn’t safe anymore  —  The PHP module backdoor

Example of hooking a linux systemcall

ld_preload userland rootkit

natickOS - A minimal, lightweight, research Linux Distribution

Open Source runtime tool which help to detect malware code execution and run time mis-configuration change on a kubernetes cluster

Tool to generate a Linux kernel module for custom rules with Netfilter hooking. (block ports, Hidden mode, functions to protect etc)

Reverse shell and rootkit

SMM rootkit similar to LoJax or MosaicRegressor

Shadow-Box: Lightweight and Practical Kernel Protector for x86 (Presented at BlackHat Asia 2017/2018, beVX 2018 and HITBSecConf 2017)

Resolve DOS MZ executable symbols at runtime

A local LKM rootkit loader/dropper that lists available security mechanisms

Elastic's eBPF