├── .gitmodules ├── AUTHORS ├── LICENSE ├── README.md ├── conjob ├── README.md └── conjob.py ├── glibcpwn ├── README.md ├── findglibc.py ├── payload │ └── evil.c └── pwnlibc.py ├── obie-trice-conjob ├── .gitignore ├── Makefile ├── README.md ├── common │ ├── Makefile │ ├── bpf_load.c │ ├── bpf_load.h │ ├── common.mk │ ├── common_user_bpf.c │ └── common_user_bpf.h ├── conjob.c ├── headers │ ├── bpf_helpers.h │ ├── linux │ │ ├── bpf.h │ │ └── stringify.h │ └── perf-sys.h ├── kern.c └── regs.h ├── talks ├── Evil_eBPF-DC27-v2.pdf ├── Fast_and_Easy_Tracing-NCC-OF-NYC.pdf └── Kernel_Tracing_With_eBPF-35C3.pdf ├── unixdump ├── AUTHORS ├── MANIFEST.in ├── Pipfile ├── README.md ├── setup.cfg ├── setup.py └── unixdump │ ├── __init__.py │ ├── screen.py │ ├── session.py │ ├── term_screen_wayland.py │ ├── term_screen_x11.py │ ├── term_tmux_wayland.py │ ├── term_tmux_x11.py │ ├── term_wayland.py │ ├── term_x11.py │ ├── tmux.py │ └── ud2b.py ├── uprobe-ulose ├── README.md └── uprobe.c └── yolo-ebpf ├── Makefile ├── README.md ├── build.sh └── yolo_ebpf.c /.gitmodules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/ebpf/HEAD/.gitmodules -------------------------------------------------------------------------------- /AUTHORS: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/ebpf/HEAD/AUTHORS -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/ebpf/HEAD/LICENSE -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Miscellaneous eBPF Tooling 2 | 3 | -------------------------------------------------------------------------------- /conjob/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/ebpf/HEAD/conjob/README.md -------------------------------------------------------------------------------- /conjob/conjob.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/ebpf/HEAD/conjob/conjob.py -------------------------------------------------------------------------------- /glibcpwn/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/ebpf/HEAD/glibcpwn/README.md -------------------------------------------------------------------------------- /glibcpwn/findglibc.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/ebpf/HEAD/glibcpwn/findglibc.py -------------------------------------------------------------------------------- /glibcpwn/payload/evil.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/ebpf/HEAD/glibcpwn/payload/evil.c -------------------------------------------------------------------------------- /glibcpwn/pwnlibc.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/ebpf/HEAD/glibcpwn/pwnlibc.py -------------------------------------------------------------------------------- /obie-trice-conjob/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/ebpf/HEAD/obie-trice-conjob/.gitignore -------------------------------------------------------------------------------- /obie-trice-conjob/Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/ebpf/HEAD/obie-trice-conjob/Makefile -------------------------------------------------------------------------------- /obie-trice-conjob/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/ebpf/HEAD/obie-trice-conjob/README.md -------------------------------------------------------------------------------- /obie-trice-conjob/common/Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/ebpf/HEAD/obie-trice-conjob/common/Makefile -------------------------------------------------------------------------------- /obie-trice-conjob/common/bpf_load.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/ebpf/HEAD/obie-trice-conjob/common/bpf_load.c -------------------------------------------------------------------------------- /obie-trice-conjob/common/bpf_load.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/ebpf/HEAD/obie-trice-conjob/common/bpf_load.h -------------------------------------------------------------------------------- /obie-trice-conjob/common/common.mk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/ebpf/HEAD/obie-trice-conjob/common/common.mk -------------------------------------------------------------------------------- /obie-trice-conjob/common/common_user_bpf.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/ebpf/HEAD/obie-trice-conjob/common/common_user_bpf.c -------------------------------------------------------------------------------- /obie-trice-conjob/common/common_user_bpf.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/ebpf/HEAD/obie-trice-conjob/common/common_user_bpf.h -------------------------------------------------------------------------------- /obie-trice-conjob/conjob.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/ebpf/HEAD/obie-trice-conjob/conjob.c -------------------------------------------------------------------------------- /obie-trice-conjob/headers/bpf_helpers.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/ebpf/HEAD/obie-trice-conjob/headers/bpf_helpers.h -------------------------------------------------------------------------------- /obie-trice-conjob/headers/linux/bpf.h: -------------------------------------------------------------------------------- 1 | ../../libbpf/include/uapi/linux/bpf.h -------------------------------------------------------------------------------- /obie-trice-conjob/headers/linux/stringify.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/ebpf/HEAD/obie-trice-conjob/headers/linux/stringify.h -------------------------------------------------------------------------------- /obie-trice-conjob/headers/perf-sys.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/ebpf/HEAD/obie-trice-conjob/headers/perf-sys.h -------------------------------------------------------------------------------- /obie-trice-conjob/kern.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/ebpf/HEAD/obie-trice-conjob/kern.c -------------------------------------------------------------------------------- /obie-trice-conjob/regs.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/ebpf/HEAD/obie-trice-conjob/regs.h -------------------------------------------------------------------------------- /talks/Evil_eBPF-DC27-v2.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/ebpf/HEAD/talks/Evil_eBPF-DC27-v2.pdf -------------------------------------------------------------------------------- /talks/Fast_and_Easy_Tracing-NCC-OF-NYC.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/ebpf/HEAD/talks/Fast_and_Easy_Tracing-NCC-OF-NYC.pdf -------------------------------------------------------------------------------- /talks/Kernel_Tracing_With_eBPF-35C3.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/ebpf/HEAD/talks/Kernel_Tracing_With_eBPF-35C3.pdf -------------------------------------------------------------------------------- /unixdump/AUTHORS: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/ebpf/HEAD/unixdump/AUTHORS -------------------------------------------------------------------------------- /unixdump/MANIFEST.in: -------------------------------------------------------------------------------- 1 | include README.md ../LICENSE AUTHORS Pipfile 2 | -------------------------------------------------------------------------------- /unixdump/Pipfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/ebpf/HEAD/unixdump/Pipfile -------------------------------------------------------------------------------- /unixdump/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/ebpf/HEAD/unixdump/README.md -------------------------------------------------------------------------------- /unixdump/setup.cfg: -------------------------------------------------------------------------------- 1 | [metadata] 2 | license_file = ../LICENSE 3 | 4 | [bdist_wheel] 5 | universal=0 6 | 7 | -------------------------------------------------------------------------------- /unixdump/setup.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/ebpf/HEAD/unixdump/setup.py -------------------------------------------------------------------------------- /unixdump/unixdump/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/ebpf/HEAD/unixdump/unixdump/__init__.py -------------------------------------------------------------------------------- /unixdump/unixdump/screen.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/ebpf/HEAD/unixdump/unixdump/screen.py -------------------------------------------------------------------------------- /unixdump/unixdump/session.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/ebpf/HEAD/unixdump/unixdump/session.py -------------------------------------------------------------------------------- /unixdump/unixdump/term_screen_wayland.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/ebpf/HEAD/unixdump/unixdump/term_screen_wayland.py -------------------------------------------------------------------------------- /unixdump/unixdump/term_screen_x11.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/ebpf/HEAD/unixdump/unixdump/term_screen_x11.py -------------------------------------------------------------------------------- /unixdump/unixdump/term_tmux_wayland.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/ebpf/HEAD/unixdump/unixdump/term_tmux_wayland.py -------------------------------------------------------------------------------- /unixdump/unixdump/term_tmux_x11.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/ebpf/HEAD/unixdump/unixdump/term_tmux_x11.py -------------------------------------------------------------------------------- /unixdump/unixdump/term_wayland.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/ebpf/HEAD/unixdump/unixdump/term_wayland.py -------------------------------------------------------------------------------- /unixdump/unixdump/term_x11.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/ebpf/HEAD/unixdump/unixdump/term_x11.py -------------------------------------------------------------------------------- /unixdump/unixdump/tmux.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/ebpf/HEAD/unixdump/unixdump/tmux.py -------------------------------------------------------------------------------- /unixdump/unixdump/ud2b.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/ebpf/HEAD/unixdump/unixdump/ud2b.py -------------------------------------------------------------------------------- /uprobe-ulose/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/ebpf/HEAD/uprobe-ulose/README.md -------------------------------------------------------------------------------- /uprobe-ulose/uprobe.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/ebpf/HEAD/uprobe-ulose/uprobe.c -------------------------------------------------------------------------------- /yolo-ebpf/Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/ebpf/HEAD/yolo-ebpf/Makefile -------------------------------------------------------------------------------- /yolo-ebpf/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/ebpf/HEAD/yolo-ebpf/README.md -------------------------------------------------------------------------------- /yolo-ebpf/build.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/ebpf/HEAD/yolo-ebpf/build.sh -------------------------------------------------------------------------------- /yolo-ebpf/yolo_ebpf.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/ebpf/HEAD/yolo-ebpf/yolo_ebpf.c --------------------------------------------------------------------------------