Update monitor-method-ebpf.md

Gustavo Iñiguez Goia 2021-09-12 00:51:02 +02:00 committed by GitHub
parent 5f2c8cadbb
commit a5a7ffba02


@ -17,7 +17,10 @@ Why is it better to use this process monitor method?
---
This technology allow us to intercept processes faster and in a more secure way. ProcFS is easier to fool:
https://github.com/gianlucaborello/libprocesshider
- https://github.com/gianlucaborello/libprocesshider
- https://xcellerator.github.io/posts/linux_rootkits_06/
- https://xcellerator.github.io/posts/linux_rootkits_07/
- https://xcellerator.github.io/posts/linux_rootkits_08/
We can also intercept connections initiated from kernel space, like those initiated by rootkits or VPNs:
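Review bot: the four bullets added under "ProcFS is easier to fool:" are bare URLs with no hint of what each one demonstrates; a short descriptor per entry (that libprocesshider is an LD_PRELOAD library hiding processes from /proc readers, and that the three xcellerator entries are consecutive posts of a Linux rootkit series) would let a reader choose the right reference without opening all four. The surrounding context line also keeps a grammar slip the hunk could have fixed while touching this paragraph: "This technology allow us" should read "This technology allows us".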