Linux eBPF backdoor over TCP. Spawn reverse shells, RCE, on prior privileged access. Less Honkin, More Tonkin.
APACHE-2.0 License
A Linux Host-based Intrusion Detection System based on eBPF.
XDP Deployments in Userspace eBPF
eBPF sk_lookup program as a golang library
An eBPF enhanced Linux kernel skb and socket tracing tool.
eBPF proxy with loadbalancing capabilities
Hades is a Host-Based Intrusion Detection System based on eBPF (mainly)
Process-aware, eBPF-based tcpdump
Kernel-based Process Monitoring on Linux Endpoints for File System, TCP and UDP Networking Events...
/root/.ssh/authorized_keys evil file watchdog with eBPF tracepoint hook.
ebpfkit-monitor is a tool that detects and protects against eBPF powered rootkits
Weaponizing the Linux Kernel (Hide Files/PID, SSH backdoors, SSL Sniffer, ...) by poking around e...
A firewall that utilizes the Linux kernel's XDP hook. The XDP hook allows for very fast network p...
A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and...
ebpfkit is a rootkit powered by eBPF
bpf learning repository