Linux / eBPF
ebpfpub
Monitors system and library calls across multiple kernel versions with minimal runtime dependencies.
trailofbits/ebpfpub
Best for
Users who need compatibility with older kernels as well as newer ones.
Surface
Linux / eBPF
Catalog group
Inspect operating systems and endpoint surfaces
Repository
trailofbits/ebpfpub
From the README
ebpfpub is a generic function tracing library for Linux that supports tracepoints, kprobes and uprobes. As root:
1. Obtain the source code: git clone --recursive https://github.com/trailofbits/ebpfpub
2. If you cloned the repo without the --recursive flag, run git submodule update --init --recursive
3. Enter the source folder: cd ebpfpub
4.
Read the full README on GitHub
Related tools · Inspect operating systems and endpoint surfaces
- Linuxevents eBPF-based monitoring without shipping kernel headers or a stack of environment-specific bytecode artifacts.
- ebpf-verifier Research prototype for running the eBPF verifier outside the live kernel to make cross-version testing practical.
- winchecksec Static inspection of Windows binaries for mitigations like DEP, ASLR, and code integrity.
- pe-parse Minimal, security-focused parser for Portable Executable files built to survive malicious or malformed inputs.
- osquery-extensions Collection of Trail of Bits extensions that expand what osquery can inspect and expose.