eBPF
eBPF is a technology that can run sandboxed programs in a privileged context such as the operating system kernel. It is used to safely and efficiently extend the capabilities of the kernel at runtime without requiring changes to kernel source code or loading kernel modules.
- GitHub: https://github.com/topics/ebpf
- Wikipedia: https://en.wikipedia.org/wiki/EBPF
- Created by: Alexei Starovoitov, Daniel Borkmann
- Released: 2014
- Last updated: 2026-06-23 00:09:10 UTC
https://github.com/iamgp21/capstone-runtime-sec
POC Repo for Implementing Runtime Security for a Kubernetes Cluster.
architecture cloud-security cncf ebpf kubernetes observability runtime-security
Last synced: 29 Apr 2026
https://github.com/nevinshine/telos-runtime
A closed-loop security runtime preventing "The Great Exfiltration" and Indirect Prompt Injection in Autonomous AI Agents.
agentic-ai ebpf golang linux-security llm-security lsm prompt-injection python runtime-security systems-research taint-tracking xdp zero-trust
Last synced: 01 Feb 2026
https://github.com/ashishtiwari1993/slides.ashish.one
Collection of all slides presented by Ashish Tiwari
ebpf elastic elasticsearch function-calling genai
Last synced: 14 Feb 2026
https://github.com/yeet-src/runfrom
Live exec-provenance monitor. Flags execs from tmp/shm, fileless binaries, and setuid privilege jumps, all in-kernel.
bpf co-re ebpf exec fileless kernel linux observability provenance security setuid tracepoint tracing yeet
Last synced: 20 Jun 2026
https://github.com/samayun/system-monitoring-app
Monitor your operating system and detect anomaly
Last synced: 01 Nov 2025
https://github.com/knightchaser/ebpftracer
A simple and handcrafted strace-like eBPF-based syscall tracer
ebpf linux strace system-calls trace utility
Last synced: 07 May 2026
https://github.com/monkburger/bpf-mysql-querylog
BPF based MySQL query logging tool
Last synced: 08 May 2026
https://github.com/frizzymonsta/ebpf_prac
Short practice work about eBPF and log analysis for Innopolis students.
Last synced: 08 May 2026
https://github.com/laugharne/keynote__ebpf_-_everything_you_need_to_know_in_5_minutes
eBPF has become the key technology for infrastructure software. This session tells you everything you need to know about eBPF in 5 minutes. Why eBPF matters and why it exists. What it can do. What it can’t do. Who uses it for what. And finally, what the future holds.
Last synced: 16 Feb 2026
https://github.com/scm-probe/scm
Syscall monitoring and auditing tool built using eBPF
ebpf ebpf-exporter golang influxdb security security-audit security-tools
Last synced: 16 Feb 2026
https://github.com/n9v9/goland-fix-go-15787
Makeshift fix for GoLand issue GO-15787.
Last synced: 28 Apr 2026
https://github.com/marcomannu/simple_measurement_of_upf_performance_9
Simple Measurement of UPF Performance 9. This repository provides simple performance measurements of various open-source UPFs using the TRex traffic generator and the Simple PFCP Client as the simulator. Results may vary based on measurement conditions, and this serves as a basic reference for real-world configurations. 🐙✨
5g 5gc dpdk ebpf eupf free5gc latency open5gs performance pfcp proxmox proxmox-ve scapy traffic-generator trex upf vpp xdp
Last synced: 15 Jun 2025
https://github.com/charlie0129/killsnoop
Find out who sent a kill signal. Useful for debugging kills that happened mysteriously.
bpf ebpf kernel linux syscalls tracepoints tracing
Last synced: 07 May 2026
https://github.com/yeet-src/md-sentry
eBPF integrity monitor for an LLM agent's markdown brain: CLAUDE.md, skills, memory. Tags AGENT vs EXTERNAL edits.
ai-agents bpf ebpf fentry file-monitoring integrity kernel linux llm observability provenance security yeet
Last synced: 20 Jun 2026
https://github.com/xdp-project/xdp-project.github.io
Static web site for xdp-project
Last synced: 26 Jun 2025
https://github.com/sakateka/htb-simulator
Hierarchical token bucket simulator
algorithm c ebpf hierarchical-token-bucket htb token-bucket xdp
Last synced: 19 May 2026
https://github.com/tvroi/ebpf-docker-build-monitor
eBPF-based monitor for detecting suspicious activity during Docker image builds
c2-detection container-security dependency-injection devsecops docker-build docker-security ebpf runtime-monitoring syscall
Last synced: 12 Jun 2025
https://github.com/kokthay/linkquic
LinkQUIC is a novel framework capable of distinguishing QUIC from normal UDP streams in kernel space without kernel modification, decrypting QUIC payloads, or prior knowledge of QUIC protocol implementations in user space. This framework can identify QUIC in both endpoints and middleboxes.
distinguish ebpf heuristics identify kernel kernel-space linkquic network network-analysis network-monitoring network-traffic privacy protocol quic udp
Last synced: 24 Apr 2026
https://github.com/utibeabasi6/ebpf-practice
A collection of simple scripts I write while learning eBPF
Last synced: 25 Apr 2026
https://github.com/singgel/log-metric-tracing
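The three pillars of observability. Logs: record discrete events. Metrics: aggregated numeric data, such as CPU usage and request rate. Traces: end-to-end call chains of distributed requests. Modern systems (such as microservices) usually combine all three to achieve comprehensive observability.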
dapper ebpf elk logging metrics openresty opentracing prometheus spanner tracing
Last synced: 19 May 2026
https://github.com/muink/einat-ebpf
An eBPF-based Endpoint-Independent(Full Cone) NAT for Linux
Last synced: 04 Oct 2025
https://github.com/ifoxhz/sshdog
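Uses eBPF to build monitoring of SSH logins and operations, mainly for Linux platforms used in edge computing, where edge nodes constantly face security threats.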
Last synced: 18 May 2026
https://github.com/sandstorm791/flextrace
an ebpf application profiling toolkit
Last synced: 16 Apr 2026
https://github.com/isitobservable/inspektorgadget
A repository containing the files utilized in the Inspektor Gadget tutorial.
ebpf inspektor-gadget kubernetes
Last synced: 04 Mar 2026
https://github.com/lbirchler/pyflow
BCC based tool to trace function call/return hierarchy of Python scripts and processes
Last synced: 04 Jan 2026
https://github.com/ancat/lutra
Lutra automatically detects and destroys reverse shells.
Last synced: 17 May 2026
https://github.com/danny-yamamoto/lsm
LSM stands for Linux Security Modules which is a framework which allows developers to write security systems on top of the Linux kernel.
Last synced: 05 Mar 2026
https://github.com/seconize-co/dhi
Dhi - Runtime Intelligence & Protection System. Sanskrit: Intellect | Perception | Clear Vision. Kernel-space eBPF security monitoring for AI agents.
agent-security agentic-ai ai-agents ebpf kernel linux monitoring runtime-protection runtime-security sandboxing security threat-detection
Last synced: 02 Apr 2026
https://github.com/yasindce1998/aegis-shadow
A dual-module eBPF security research framework demonstrating offensive rootkit techniques (Shadow) and defensive runtime auditing (Aegis) for Linux kernel exploration.
bpf bpftool cyber-security ebpf ebpf-programs intrusion-detection kernel-hacking linux-kernel offensive-security rootkit runtime-security systemprogramming xdp
Last synced: 21 Jun 2026
https://github.com/carlossanchess/observer
Tracing system calls in Linux, using BCC toolkit leveraging eBPF technology.
bcc ebpf linux-kernel systemcalls
Last synced: 17 Apr 2026
https://gitlab.com/aarcange/rv-ebpf
RV monitor automata models powered by eBPF tracing
Linux Kernel automata ebpf tracing
Last synced: 10 Mar 2025
https://github.com/jgalar/LinuxCon2022-Benchmarks
Suite of benchmarks developed for my presentation at LinuxCon Europe 2022
benchmark ebpf lttng performance
Last synced: 10 Mar 2025
https://github.com/s5uishida/simple_measurement_of_eupf_performance
Simple Measurement of eUPF(eBPF/XDP UPF) Performance
5g 5gc ebpf eupf omec-pfcpsim performance pfcpsim proxmox proxmox-ve trex upf xdp
Last synced: 08 Apr 2025
https://github.com/vasilievsv/hw.pki-on-box
Educational PKI server on Radxa Zero (Linux) + STM32H750 TRNG via USB HID. SELinux + eBPF isolation. Python daemon. ISO 26262 ASIL A (educational).
buildroot cryptography ebpf embedded-linux iso26262 pki radxa selinux-policy-lang stm32 trng
Last synced: 12 Apr 2026
https://github.com/sentinez/quadrum
🗡️ Sentinez Quadrum // Sentinel of the Fourth Layer
Last synced: 10 May 2026
https://github.com/kakao/kubectl-cilium
A kubectl plugin to monitor Cilium SNAT usage and detect eviction risks.
Last synced: 17 May 2026
https://github.com/jmalicki-ai-slop/xibalba
Xibalba: Chaos Testing Framework for Linux Filesystem Concurrency using eBPF
chaos-engineering concurrency ebpf filesystem filesystem-testing jepsen kernel race-detection testing xibalba
Last synced: 18 Apr 2026
https://github.com/eladwf/ebpf-tuner-poc
Experimental Rust tuner agent using eBPF for low-overhead telemetry and adaptive workload control. Proof-of-concept for smarter, always-on system tuning
ebpf low-latency performance rust system-tuning
Last synced: 18 May 2026
https://github.com/axi0mh1ve/axiom-hive-ddm
Deterministic DNS Defense Module - Replace probabilistic threat detection with cryptographic verification and strict enforcement
cybersecurity deterministic-security dns dns-security ebpf kernel merkle-tree network-security security zero-trust
Last synced: 20 Apr 2026
https://github.com/coonfuuseed-paandaa/awg-mesh
Docker-native encrypted overlay mesh on AmneziaWG. Topology-as-code, two-level ECMP, DSCP policy routing, embedded DNS, anti-DPI obfuscation.
amneziawg docker dscp ebpf ecmp golang mesh-network nftables overlay-network vpn wireguard
Last synced: 20 Apr 2026
https://github.com/alexandreboutrik/bouclier-bleu
A modular Next-Generation Antivirus (NGAV) and Endpoint Detection & Response (EDR) for Linux, leveraging eBPF (LSM) and Rust for memory-safe userland.
bpf-lsm c ebpf edr libbpf linux-security ngav ransomware rust telemetry
Last synced: 21 Apr 2026
https://github.com/s5uishida/simple_measurement_of_upf_performance_9
Simple Measurement of UPF Performance 9
5g 5gc dpdk ebpf eupf free5gc latency open5gs performance pfcp proxmox proxmox-ve scapy traffic-generator trex upf upg-vpp vpp xdp
Last synced: 10 Jun 2025
https://github.com/kube-tarian/tarian-policy-engine
eBPF based threat elimination - Enforce Policies and Automated actions for auto threat elimination for Kubernetes. Also, share the threat(s) info & solution with community with simple yaml based configurations as eBPF functions.
ebpf kubernetes kubernetes-security threat-elimination threat-hunting threat-intelligence
Last synced: 17 May 2026
https://github.com/haolipeng/xdp-tutorial-cn
Chinese version of xdp-tutorial
beginner-friendly ebpf learning-by-doing tutorial xdp
Last synced: 24 Apr 2026
https://github.com/mikuchi9/ebpf-prefetch-hints
An eBPF-based tool that suggests prefetching hints to the Linux kernel for frequently executed binaries in /usr/bin.
ebpf libbpf performance prefetch system-tools userspace
Last synced: 24 Apr 2026
https://github.com/f18m/ebpf-netflow-tracer
A small eBPF utility to find out active TCP connections and depict them using Graphviz/DOT
Last synced: 24 Apr 2026
https://github.com/zigelboim-misha/kernel-system-enter-write-test
Using eBPF to print a line every time a system enter write event is executed on the kernel
Last synced: 02 Jan 2026
https://github.com/feliux/kscope
eBPF-powered offensive runtime discovery and attack surface observability
ebpf kernel linux red-team-tools
Last synced: 06 Jun 2026
https://github.com/bengentil/wiretap
an eBPF utility to capture TLS data
ebpf go golang observability openssl uprobes
Last synced: 24 Apr 2026
https://github.com/thearyanahmed/ebpf0
I'm trying to learn about eBPF from Liz Rice's book.
Last synced: 02 Apr 2026
https://github.com/mbund/dimarchos
eBPF experiments
cni containers ebpf kernel tcx
Last synced: 14 May 2026
https://github.com/roiswd/ebpf-docker-build-monitor
eBPF-based monitor for detecting suspicious activity during Docker image builds
c2-detection container-security dependency-injection devsecops docker-build docker-security ebpf runtime-monitoring syscall
Last synced: 15 May 2026
https://github.com/qweralfredo/ebpf-design
eBPF made simple - 🤓 Learn or Die 💀
Last synced: 13 May 2026
https://github.com/flaxyzz/simple_measurement_of_upf_performance_7
Simple Measurement of UPF Performance 7
5gc dpdk ebpf eupf free5gc open5gs packetrusher performance proxmox proxmox-ve upf upg-vpp vpp xdp
Last synced: 18 Mar 2025
https://github.com/ebpfcca/ebpfcca
🐝 Evaluating eBPF as a Platform for Congestion Control Algorithm Implementation
congestion-control ebpf linux tcp
Last synced: 26 Apr 2026
https://github.com/antonlovesdnb/fishbowl
Containerized credential auditing perimeter for AI coding agents. Wraps Codex/Claude Code in Docker, audits every credential access via eBPF.
ai-agents claude-code codex container-security credential-security devtools docker ebpf rust security
Last synced: 26 Apr 2026
https://github.com/datanoisetv/shannon
Zero-instrumentation L7 observability for Linux via eBPF. See plaintext HTTP/HTTPS, gRPC, Postgres, MySQL, MongoDB, Redis, Kafka, Cassandra from any process — including through TLS — without keys, sidecars, or code changes. Pure Rust (aya), kernel 5.8+.
apm aya bpf cassandra ebpf ebpf-tools grpc http kafka linux mongodb mysql networking observability postgresql redis rust service-mesh tls tracing
Last synced: 27 Apr 2026
https://github.com/piwi3910/novanet
High-performance eBPF-based Kubernetes CNI with identity-based policy, Geneve/VXLAN overlay, native BGP routing, and real-time flow visibility
bgp cni container-networking ebpf geneve kubernetes network-policy networking vxlan
Last synced: 07 Mar 2026
https://github.com/chenhengqi/bpf-network
BPF network library for chaos engineering.
Last synced: 22 Jun 2026
https://github.com/mranv/sysmon-process
A poc on sysmon for process creation on kernel level!
Last synced: 28 Apr 2026
https://github.com/ar2pi/container-oomkill-probe
A simple container oomkill eBPF probe
Last synced: 28 Apr 2026
https://github.com/githubfoam/k8s-ebpf-sandbox
kubernetes ebpf
ebpf kubernetes network-observability network-security-monitoring pipeline
Last synced: 05 May 2026
https://github.com/dfrojas/yubarta
🐋 Yubarta is an auto-remediation platform written in Python that reacts to eBPF signals and external alerts with rule-based actions. With AI support on the roadmap to become a self-healing platform.
Last synced: 29 Apr 2026
https://github.com/majeinfo/ebpf_tools
Python scripts that use eBPF to diagnose problems
Last synced: 29 Apr 2026
https://github.com/svssdeva/shastra
Sanskrit-named instruments. WebGPU heat sim (Yantra) + Rust MCP server (Trishul) + WebGPU Shader Sandbox (Naadi) + Local first vision agent (Darshan)
agentic-tools astro claude ebpf finite-element mcp-server preact rust three-js webgpu wgsl
Last synced: 08 Jun 2026
https://github.com/ivanmtech/rust-bee-ns
eBPF-powered DNS racer with a Rust management agent
c dns ebpf linux-kernel rust systems-programming xdp
Last synced: 12 Apr 2026
https://github.com/jihye-seren-kim/xdp-time
NTP DDoS defense framework
ddos ebpf time-synchronization xdp
Last synced: 29 Apr 2026
https://github.com/boratanrikulu/gobee
(WIP) The easiest way to build production eBPF apps in Go. gobee fills the BPF-program gap left by cilium/ebpf and bpf2go.
bpf cilium-ebpf ebpf golang kernel linux transpiler
Last synced: 25 May 2026
https://github.com/sobolevska/simple_measurement_of_upf_performance_8
Simple Measurement of UPF Performance 8
5g 5gc dpdk ebpf eupf free5gc open5gs performance proxmox proxmox-ve srsran upf upg-vpp vpp
Last synced: 18 Mar 2025
https://github.com/platformbuilds/telegen
Telegen - One Agent, Many Telemetry signals
cncf ebpf observability opentelemetry
Last synced: 05 Feb 2026
https://github.com/lucasbn/ebpf-lb
Layer 4 hash based load balancer written with eBPF
Last synced: 29 Apr 2026
https://github.com/yairfalse/vaisto_bpf
eBPF backend for the Vaisto programming language — compile typed S-expressions to BPF bytecode
beam bpf compiler ebpf elixir s-expressions type-safety
Last synced: 20 Feb 2026
https://github.com/michaelzheng67/bpf-monitor
Dashboard for monitoring tcp connections in k8s with ebpf
Last synced: 10 Apr 2026
https://github.com/nimishamehta5/tc-pkt-counter
eBPF program that counts TCP, UDP and ICMP egress packets (includes source and destination IPs (pods, nodes, external), ports, protocol and TCP flags or ICMP Echo types)
ebpf ebpf-go go golang kubernetes
Last synced: 10 Apr 2026
https://github.com/ddaskala/udp-multi-threaded
A multi-threaded UDP server with CPU cache affinity
Last synced: 16 Apr 2026
https://github.com/githubfoam/tracee-githubactions
tracee forensics ebpf githubactions
ebpf forensics githubactions linux
Last synced: 30 Apr 2026
https://github.com/braincreator/flowlink
🛡️ FlowLink — Governance & Risk Control for Autonomous AI Systems. MCP gateway with 7-level shield: kill switch, policies, approval, sandbox, audit. Works with Claude Code, Cursor, Copilot, Windsurf.
ai-agent-security ai-firewall ai-governance ai-security aider autonomous-agents claude-code cline copilot cursor devops-security ebpf mcp mcp-gateway mcp-server policy-engine prompt-injection rust windsurf zero-trust
Last synced: 31 May 2026