Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64.

Packet, where are you? -- eBPF-based Linux kernel networking debugger

eBPF Developer Tutorial: Learning eBPF Step by Step with Examples

The eBPF tool and systems inspection framework for Kubernetes, containers and Linux hosts.

A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.

一个深挖 Linux 内核的新功能特性，以 io_uring, cgroup, ebpf, llvm 为代表，包含开源项目，代码案例，文章，视频，架构脑图等

Linux eBPF backdoor over TCP. Spawn reverse shells, RCE, on prior privileged access. Less Honkin, More Tonkin.

bpf 学习仓库

eBPF-based autoinstrumentation of web applications and network metrics

Learning eBPF, published by O'Reilly - out now! Here's where you'll find a VM config for the examples, and more

ebpfkit is a rootkit powered by eBPF

bpftune uses BPF to auto-tune Linux systems

Alaz: Advanced eBPF Agent for Kubernetes Observability – Effortlessly monitor K8s service interactions and performance metrics in your K8s environment. Gain in-depth insights with service maps, metrics, distributed tracing, and more, while staying alert to crucial system anomalies 🐝

LMP provides an eBPF Supermarket for developers, including eBPF tools, open-source projects based on eBPF, eBPF learning materials, Linux kernel learning materials, and more.

A firewall that utilizes the Linux kernel's XDP hook. The XDP hook allows for very fast network processing on Linux systems. This is great for dropping malicious traffic from a (D)DoS attack. IPv6 is supported with this firewall! I hope this helps network engineers/programmers interested in utilizing XDP!

In-kernel cache based on eBPF.

SSH Session Monitoring Daemon

A Linux Host-based Intrusion Detection System based on eBPF.

Making eBPF programming easier via build env and examples

A packet oriented Linux kernel function call tracer