Bad-bpf Alternatives

Similar projects and alternatives to bad-bpf

systemd

517 12,457 10.0 C bad-bpf VS systemd

The systemd System and Service Manager
falco

42 6,913 9.8 C++ bad-bpf VS falco

Cloud Native Runtime Security
InfluxDB

www.influxdata.com featured

Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
TripleCross

11 1,677 0.7 C bad-bpf VS TripleCross

A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.
pamspy

12 1,106 0.0 C bad-bpf VS pamspy

Credentials Dumper for Linux using eBPF
boopkit

10 1,505 1.5 C bad-bpf VS boopkit

Linux eBPF backdoor over TCP. Spawn reverse shells, RCE, on prior privileged access. Less Honkin, More Tonkin.
ebpfkit

2 660 0.7 C bad-bpf VS ebpfkit

ebpfkit is a rootkit powered by eBPF
ebpfkit-monitor

1 110 0.6 C bad-bpf VS ebpfkit-monitor

ebpfkit-monitor is a tool that detects and protects against eBPF powered rootkits
SaaSHub

www.saashub.com featured

SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
dirtypipe-ebpf_detection

1 26 1.8 C bad-bpf VS dirtypipe-ebpf_detection

An eBPF detection program for CVE-2022-0847
libbpf-bootstrap

1 930 7.6 C bad-bpf VS libbpf-bootstrap

Scaffolding for BPF application development with libbpf and BPF CO-RE

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a better bad-bpf alternative or higher similarity.

Suggest an alternative to bad-bpf

bad-bpf reviews and mentions

Posts with mentions or reviews of bad-bpf. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2022-11-07.

Writing to file in kprobe
2 projects | /r/eBPF | 7 Nov 2022

Not going to find too many guides for BPF development. Best way to learn is by looking at existing code samples, like this repo
eBPF – Running sandboxed programs in a privileged context such as OS kernel
6 projects | news.ycombinator.com | 6 Nov 2022

This is a good write-up and I like the diagrams. What appears to still be missing in an "off switch". AFAIK there are still no kernel boot time commands to disable eBPF entirely. I have to recompile the kernel to disable it.
eBPF has the potential for file-less malware to run hidden from detection and I foresee the ability to tickle ring -3 (and -4?) CPU within CPU functions while bypassing local firewalls.
Here is some example code of what people already know how to do today and this list will grow as people discover more capabilities. [1][2][3][4][5] These do require some privileges to insert but will remain running and hidden until reboot.
[1] - https://github.com/citronneur/pamspy
[2] - https://github.com/h3xduck/TripleCross
[3] - https://github.com/krisnova/boopkit
[4] - https://github.com/pathtofile/bad-bpf
[5] - https://doublepulsar.com/bpfdoor-an-active-chinese-global-su...
A collection of malicious eBPF programs that make use of eBPF's abilities
1 project | news.ycombinator.com | 7 Sep 2022
Show HN: Credentials dumper for Linux using eBPF
5 projects | news.ycombinator.com | 5 Jul 2022
Boopkit: eBPF backdoor (TCP) for spawning reverse shells
3 projects | news.ycombinator.com | 3 Apr 2022

For anyone interested, there are a few more projects with similar capabilities to look at:
- Bad-bpf: https://github.com/pathtofile/bad-bpf
- Offensive BPF: https://embracethered.com/blog/posts/2021/offensive-bpf/
- Ebpf, I thought we were friends: https://m.youtube.com/watch?v=5zixNDolLrg
A note from our sponsor - SaaSHub
www.saashub.com | 1 May 2024

SaaSHub helps you find the best software and product alternatives Learn more →