ebpfkit
fapolicyd
ebpfkit | fapolicyd | |
---|---|---|
2 | 3 | |
660 | 181 | |
- | 1.1% | |
0.7 | 8.4 | |
about 1 year ago | 5 days ago | |
C | C | |
Apache License 2.0 | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
ebpfkit
- Show HN: Credentials dumper for Linux using eBPF
-
eBPF: A curated list of projects related to eBPF
eBPF is amazing because it has such a broad scope and is relatively simple to implement.
I'd recommend anyone interested in a starting point look at ebpfkit, the eBPF rootkit. https://github.com/Gui774ume/ebpfkit
fapolicyd
- Fapolicy troubleshooting
- fapolicyd should gracefully start despite errors in fapolicyd.conf
-
Best practices for public-facing machines
I'd consider fapolicyd for untrusted guest account systems. It ensures that only applications installed through the package manager can be run, i.e. no downloads of a local exploit and running ./hack on the terminal.
What are some alternatives?
awesome-ebpf - A curated list of awesome projects related to eBPF.
iohook - Node.js global keyboard and mouse listener.
TripleCross - A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.
lkrg - Linux Kernel Runtime Guard
lkm-sandbox - Collection of Linux Kernel Modules and PoC to discover, learn and practice Linux Kernel Development
radare2 - UNIX-like reverse engineering framework and command-line toolset
ish - Linux shell for iOS
bouheki - bouheki is KRSI(eBPF+LSM) based Linux security auditing tool.
linux - Linux kernel variant from Analog Devices; see README.md for details
p4c-xdp - Backend for the P4 compiler targeting XDP
rke2