Pamspy Alternatives

Similar projects and alternatives to pamspy

systemd

517 12,516 10.0 C pamspy VS systemd

The systemd System and Service Manager
falco

42 6,913 9.8 C++ pamspy VS falco

Cloud Native Runtime Security
InfluxDB

www.influxdata.com featured

Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
TripleCross

11 1,677 0.7 C pamspy VS TripleCross

A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.
boopkit

10 1,505 1.5 C pamspy VS boopkit

Linux eBPF backdoor over TCP. Spawn reverse shells, RCE, on prior privileged access. Less Honkin, More Tonkin.
bad-bpf

5 482 0.0 C pamspy VS bad-bpf

A collection of eBPF programs demonstrating bad behavior, presented at DEF CON 29
ebpfkit

2 660 0.7 C pamspy VS ebpfkit

ebpfkit is a rootkit powered by eBPF
dirtypipe-ebpf_detection

1 26 1.8 C pamspy VS dirtypipe-ebpf_detection

An eBPF detection program for CVE-2022-0847
SaaSHub

www.saashub.com featured

SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a better pamspy alternative or higher similarity.

Suggest an alternative to pamspy

pamspy reviews and mentions

Posts with mentions or reviews of pamspy. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2022-11-06.

eBPF – Running sandboxed programs in a privileged context such as OS kernel
6 projects | news.ycombinator.com | 6 Nov 2022

This is a good write-up and I like the diagrams. What appears to still be missing in an "off switch". AFAIK there are still no kernel boot time commands to disable eBPF entirely. I have to recompile the kernel to disable it.
eBPF has the potential for file-less malware to run hidden from detection and I foresee the ability to tickle ring -3 (and -4?) CPU within CPU functions while bypassing local firewalls.
Here is some example code of what people already know how to do today and this list will grow as people discover more capabilities. [1][2][3][4][5] These do require some privileges to insert but will remain running and hidden until reboot.
[1] - https://github.com/citronneur/pamspy
[2] - https://github.com/h3xduck/TripleCross
[3] - https://github.com/krisnova/boopkit
[4] - https://github.com/pathtofile/bad-bpf
[5] - https://doublepulsar.com/bpfdoor-an-active-chinese-global-su...
Credentials Dumper for Linux using eBPF
1 project | /r/linux | 6 Jul 2022

1 project | /r/cybersecurity | 6 Jul 2022

1 project | /r/netsec | 6 Jul 2022

1 project | /r/hacking | 6 Jul 2022
GitHub - citronneur/pamspy: Credentials Dumper for Linux using eBPF
1 project | /r/eBPF | 6 Jul 2022
Show HN: 使用eBPF的Linux的凭证转储器 (Show HN: Credentials dumper for Linux using eBPF)
1 project | /r/hnzh | 5 Jul 2022
pamspy: Credentials Dumper for Linux using eBPF
1 project | /r/blueteamsec | 5 Jul 2022
Show HN: Credentials dumper for Linux using eBPF
1 project | /r/patient_hackernews | 5 Jul 2022

1 project | /r/hackernews | 5 Jul 2022
A note from our sponsor - InfluxDB
www.influxdata.com | 3 May 2024

Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality. Learn more →