Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64.
Updated May 19, 2024 - C
eBPF is a technology that can run sandboxed programs in a privileged context such as the operating system kernel.
It is used to safely and efficiently extend the capabilities of the kernel at runtime without requiring changes to kernel source code or loading kernel modules.
The eBPF tool and systems inspection framework for Kubernetes, containers and Linux hosts.
Linux eBPF backdoor over TCP. Spawn reverse shells, RCE, on prior privileged access. Less Honkin, More Tonkin.
eBPF-based autoinstrumentation of web applications and network metrics
Learning eBPF, published by O'Reilly - out now! Here's where you'll find a VM config for the examples, and more
ebpfkit is a rootkit powered by eBPF
Alaz: Advanced eBPF Agent for Kubernetes Observability – Effortlessly monitor K8s service interactions and performance metrics in your K8s environment. Gain in-depth insights with service maps, metrics, distributed tracing, and more, while staying alert to crucial system anomalies 🐝
A firewall that utilizes the Linux kernel's XDP hook. The XDP hook allows for very fast network processing on Linux systems. This is great for dropping malicious traffic from a (D)DoS attack. IPv6 is supported with this firewall! I hope this helps network engineers/programmers interested in utilizing XDP!
SSH Session Monitoring Daemon
A Linux Host-based Intrusion Detection System based on eBPF.
Making eBPF programming easier via build env and examples
A packet oriented Linux kernel function call tracer