Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64.
Updated Jun 7, 2024 - C
eBPF is a technology that can run sandboxed programs in a privileged context such as the operating system kernel.
It is used to safely and efficiently extend the capabilities of the kernel at runtime without changing kernel source code or loading kernel modules.
Learning eBPF, published by O'Reilly - out now! Here's where you'll find a VM config for the examples, and more
The eBPF tool and systems inspection framework for Kubernetes, containers and Linux hosts.
Linux eBPF backdoor over TCP. Spawns reverse shells and RCE, given prior privileged access. Less Honkin, More Tonkin.
libsinsp, libscap, the kernel module driver, and the eBPF driver sources
A firewall that utilizes the Linux kernel's XDP hook. The XDP hook allows for very fast network processing on Linux systems. This is great for dropping malicious traffic from a (D)DoS attack. IPv6 is supported with this firewall! I hope this helps network engineers/programmers interested in utilizing XDP!
ebpfkit is a rootkit powered by eBPF
eBPF-based autoinstrumentation of web applications and network metrics
A Linux Host-based Intrusion Detection System based on eBPF.
Making eBPF programming easier via a build environment and examples
A small and efficient web server with 1K lines of C code