BCC - Tools for BPF-based Linux IO analysis, networking, monitoring, and more

GoAccess is a real-time web log analyzer and interactive viewer that runs in a terminal in *nix systems or through your browser.

Small and highly portable detection tests based on MITRE's ATT&CK.

The pattern matching swiss knife

Official git repo for iodine dns tunnel

Defeating Windows User Account Control

dperf: High-Performance Network Load Testing Tool Based on DPDK

nginx-1.9.2源码通读分析注释，带详尽函数中文分析注释以及相关函数流程调用注释，最全面的nginx源码阅读分析中文注释，更新完毕

Open Source Deep Packet Inspection Software Toolkit

A Redis HTTP interface with JSON output

The first open-source DDoS protection system

Process-aware, eBPF-based tcpdump

Hide a process under Linux using the ld preloader (https://sysdig.com/blog/hiding-linux-processes-for-fun-and-profit/)

Linux LD_PRELOAD rootkit (x86 and x86_64 architectures)

Fast Python Bloom Filter using Mmap

QNSM is network security monitoring framework based on DPDK.

Hades is a Host-Based Intrusion Detection System based on eBPF(mainly)

a PoC for Linux to get around agents that log commands being executed, without root privilege. Linux低权限模糊化执行的程序名和参数，避开基于execve系统调用监控的命令日志

linux rootkit

dpdk infrastructure for software acceleration. Currently working on RX and ACL pre-filter

Junk code - needless to explain

suspicious flow checker for http and dns