Bad-bpf Alternatives
Similar projects and alternatives to bad-bpf
- TripleCross
A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.
- boopkit
Linux eBPF backdoor over TCP. Spawn reverse shells, RCE, on prior privileged access. Less Honkin, More Tonkin.
bad-bpf reviews and mentions
- Writing to file in kprobe
Not going to find too many guides for BPF development. Best way to learn is by looking at existing code samples, like this repo.
- eBPF – Running sandboxed programs in a privileged context such as OS kernel
This is a good write-up and I like the diagrams. What appears to still be missing is an "off switch". AFAIK there are still no kernel boot time commands to disable eBPF entirely. I have to recompile the kernel to disable it.
eBPF has the potential for file-less malware to run hidden from detection and I foresee the ability to tickle ring -3 (and -4?) CPU within CPU functions while bypassing local firewalls.
Here is some example code of what people already know how to do today and this list will grow as people discover more capabilities. [1][2][3][4][5] These do require some privileges to insert but will remain running and hidden until reboot.
[1] - https://github.com/citronneur/pamspy
[2] - https://github.com/h3xduck/TripleCross
[3] - https://github.com/krisnova/boopkit
[4] - https://github.com/pathtofile/bad-bpf
[5] - https://doublepulsar.com/bpfdoor-an-active-chinese-global-su...
- A collection of malicious eBPF programs that make use of eBPF's abilities
- Show HN: Credentials dumper for Linux using eBPF
- Boopkit: eBPF backdoor (TCP) for spawning reverse shells
For anyone interested, there are a few more projects with similar capabilities to look at:
- Bad-bpf: https://github.com/pathtofile/bad-bpf
- Offensive BPF: https://embracethered.com/blog/posts/2021/offensive-bpf/
- Ebpf, I thought we were friends: https://m.youtube.com/watch?v=5zixNDolLrg
Stats
pathtofile/bad-bpf is an open source project licensed under BSD 3-clause "New" or "Revised" License which is an OSI approved license.
The primary programming language of bad-bpf is C.