Pamspy Alternatives
Similar projects and alternatives to pamspy
-
TripleCross
A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.
-
boopkit
Linux eBPF backdoor over TCP. Spawn reverse shells, RCE, on prior privileged access. Less Honkin, More Tonkin.
pamspy reviews and mentions
-
eBPF – Running sandboxed programs in a privileged context such as OS kernel
This is a good write-up and I like the diagrams. What appears to still be missing is an "off switch". AFAIK there are still no kernel boot time commands to disable eBPF entirely. I have to recompile the kernel to disable it.
eBPF has the potential for file-less malware to run hidden from detection and I foresee the ability to tickle ring -3 (and -4?) CPU within CPU functions while bypassing local firewalls.
Here is some example code of what people already know how to do today and this list will grow as people discover more capabilities. [1][2][3][4][5] These do require some privileges to insert but will remain running and hidden until reboot.
[1] - https://github.com/citronneur/pamspy
[2] - https://github.com/h3xduck/TripleCross
[3] - https://github.com/krisnova/boopkit
[4] - https://github.com/pathtofile/bad-bpf
[5] - https://doublepulsar.com/bpfdoor-an-active-chinese-global-su...
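The tools listed above share one mechanism: a BPF program attached with a uprobe (pamspy hooks the PAM library that sshd, sudo and login all call). The check below is an added example, written for this page, not code from pamspy, TripleCross or the commenter; it walks the output of `bpftool link show -j` and `bpftool prog show -j` and flags uprobes whose target file is a PAM or crypto library. The field names `file`, `offset`, `retprobe`, `prog_id` and `pids` are assumptions about the JSON emitted by recent bpftool (7.x on a 6.x kernel); the sample data is constructed, not a capture.

```python
"""Flag eBPF uprobes attached to PAM/crypto libraries from bpftool JSON.

Added example: not part of pamspy or any project listed on this page.
Assumes `bpftool link show -j` emits perf_event links with "file",
"offset" and "retprobe" for uprobes (and "func" instead for kprobes),
and `bpftool prog show -j` emits "id", "name" and "pids". Run as root
for a live check; the sample data at the bottom is constructed.
"""
import json
import subprocess

# Libraries a credential-stealing uprobe would sit on: pam_get_authtok()
# lives in libpam; TLS/crypto libraries are the other obvious targets.
SUSPECT_LIBS = ("libpam.so", "libpam_misc.so", "libcrypto.so", "libssl.so")


def run_bpftool(*args):
    """Run `bpftool -j <args>` and parse its JSON (needs root or CAP_BPF).
    Only used for a live check; the demo below works offline."""
    out = subprocess.run(["bpftool", "-j", *args], check=True,
                         capture_output=True, text=True).stdout
    return json.loads(out)


def find_suspect_uprobes(links, progs):
    """Return findings for uprobe links whose target matches SUSPECT_LIBS.

    links: list of dicts shaped like `bpftool link show -j`
    progs: list of dicts shaped like `bpftool prog show -j`
    """
    by_id = {p["id"]: p for p in progs}
    findings = []
    for link in links:
        # Uprobes are perf_event links carrying a "file"; kprobes carry
        # "func" instead, so they are skipped here.
        if link.get("type") != "perf_event" or "file" not in link:
            continue
        target = link["file"]
        if not any(lib in target for lib in SUSPECT_LIBS):
            continue
        prog = by_id.get(link["prog_id"], {})
        findings.append({
            "link_id": link["id"],
            "prog_id": link["prog_id"],
            "prog_name": prog.get("name", "<unknown>"),
            "file": target,
            "offset": link.get("offset"),
            # A uretprobe fires after the function returns, which is when
            # the collected password is sitting in the output buffer.
            "retprobe": bool(link.get("retprobe", False)),
            # Empty means no user-space process holds the program fd
            # (pinned in bpffs or orphaned after the loader exited).
            "pids": [p.get("comm") for p in prog.get("pids", [])],
        })
    return findings


# Constructed sample output (assumed bpftool JSON layout, not a real capture).
SAMPLE_LINKS = [
    {"id": 7, "type": "perf_event", "prog_id": 41,
     "func": "tcp_v4_connect", "offset": 0},                      # kprobe, benign
    {"id": 12, "type": "perf_event", "prog_id": 58, "retprobe": True,
     "file": "/usr/lib/x86_64-linux-gnu/libpam.so.0.85.1", "offset": 0x5a10},
    {"id": 13, "type": "perf_event", "prog_id": 60, "retprobe": False,
     "file": "/usr/bin/bash", "offset": 0x21f30},                 # uprobe, not PAM
]
SAMPLE_PROGS = [
    {"id": 41, "type": "kprobe", "name": "trace_connect",
     "pids": [{"pid": 1203, "comm": "tracer"}]},
    {"id": 58, "type": "kprobe", "name": "trace_pam", "pids": []},
    {"id": 60, "type": "kprobe", "name": "bash_readline",
     "pids": [{"pid": 1310, "comm": "bashreadline"}]},
]

if __name__ == "__main__":
    for finding in find_suspect_uprobes(SAMPLE_LINKS, SAMPLE_PROGS):
        print(finding)
```

For a live run replace the samples with `run_bpftool("link", "show")` and `run_bpftool("prog", "show")`. Treat an empty result as "nothing visible", not "nothing loaded": an eBPF rootkit that also hooks the `bpf()` syscall or the tools reading it (the capability TripleCross advertises above) can hide its own programs from this enumeration, so a clean answer is only trustworthy from a freshly booted, lockdown-enabled kernel.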
- Credentials Dumper for Linux using eBPF
- GitHub - citronneur/pamspy: Credentials Dumper for Linux using eBPF
- Show HN: Credentials dumper for Linux using eBPF (Chinese-language mention)
- pamspy: Credentials Dumper for Linux using eBPF
- Show HN: Credentials dumper for Linux using eBPF
Stats
citronneur/pamspy is an open source project licensed under the Apache License 2.0, an OSI-approved license.
The primary programming language of pamspy is C.