Bpflock – eBPF Driven Security For Locking And Auditing Linux Machines

bpflock – eBPF driven security for locking and auditing Linux machines. Note: bpflock is currently in experimental stage, it may break, options and security semantics may change, some BPF programs will be updated to use Cilium ebpf library. 1. Introduction bpflock uses eBPF to strength Linux security. By restricting access to a various range ofRead More

Pamspy – Credentials Dumper For Linux Using eBPF

pamspy leverage eBPF technologies to achieve an equivalent work of 3snake. It will track a particular userland function inside the PAM (Pluggable Authentication Modules) library, used by many critical applications to handle authentication like: sudo sshd passwd gnome x11 and many other … How to launch? pamspy is built as a static binary without anyRead More

Lockc – Making Containers More Secure With eBPF And Linux Security Modules (LSM)

lockc is open source sofware for providing MAC (Mandatory Access Control) type of security audit for container workloads. The main reason why lockc exists is that containers do not contain. Containers are not as secure and isolated as VMs. By default, they expose a lot of information about host OS and provide ways to “breakRead More

Ecapture – Capture SSL/TLS Text Content Without CA Cert By eBPF

How eCapture works SSL/TLS text context capture, support opensslgnutlsnspr(nss) libraries. bash audit, capture bash command for Host Security Audit. mysql query SQL audit, support mysqld, and mariadDB. eCapture Architecure eCapture User Manual Getting started use ELF binary file Download ELF zip file release , unzip and use by command ./ecapture –help. Linux kernel versionRead More