BCC - Tools for BPF-based Linux IO analysis, networking, monitoring, and more

Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64.

Small and highly portable detection tests based on MITRE's ATT&CK.

LKM Linux rootkit

A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.

mysql-sniffer is a network traffic analyzer tool for mysql, it is developed by Qihoo DBA and infrastructure team

The multi-platform memory acquisition tool.

LMP provides an eBPF Supermarket for developers, including eBPF tools, open-source projects based on eBPF, eBPF learning materials, Linux kernel learning materials, and more.

A Linux Host-based Intrusion Detection System based on eBPF.

Small and lightweight Apache module to log POST data of a HTTP request