/root/.ssh/authorized_keys evil file watchdog with eBPF tracepoint hook.
A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and...
Elastic's eBPF
This tool has the power to hide any PID/directory in the Linux kernel
Syscall monitoring and auditing tool built using eBPF
Hades is a Host-Based Intrusion Detection System based on eBPF (mainly)
Threat-informed defense for cloud native: Reference Implementation of a so-called Honeycluster - f...
A firewall that utilizes the Linux kernel's XDP hook. The XDP hook allows for very fast network p...
eBPF sk_lookup program as a golang library
Linux eBPF backdoor over TCP. Spawn reverse shells, RCE, on prior privileged access. Less Honkin,...
eBPF programs to monitor and update kernel congestion window
ebpfkit is a rootkit powered by eBPF
ebpfkit-monitor is a tool that detects and protects against eBPF powered rootkits
Weaponizing the Linux Kernel (Hide Files/PID, SSH backdoors, SSL Sniffer, ...) by poking around e...
eBPF Developer Tutorial: Learning eBPF Step by Step with Examples
A Linux Host-based Intrusion Detection System based on eBPF.