BCC is an eBPF development toolkit and tracing framework used for monitoring and analyzing the Linux kernel. It functions as a performance analysis tool and debugging utility to capture system events, measure kernel latency, and provide network observability. The project distinguishes itself by providing a build system that integrates with LLVM to compile C-like code into BPF bytecode at runtime. It utilizes BPF Type Format data for relocations to maintain cross-kernel compatibility and extracts kernel headers to ensure the generated programs match the specific kernel version. The toolkit co
The Missing Semester is a free, open-source educational curriculum designed to bridge the gap between theoretical computer science and the practical tooling every software engineer needs. Organized as a structured course, it covers Unix shell mastery, version control with Git, software debugging and profiling, system administration fundamentals, and computer security practices — the skills often left out of traditional degree programs. The project is maintained as a collaborative set of lecture notes, exercises, and guides that function as both a professional development tools course and a Uni
Tetragon is an eBPF-based runtime security and observability toolset designed for Linux and Kubernetes environments. It functions as a security policy manager, observability agent, and enforcement engine that hooks into kernel functions and tracepoints to detect privilege escalation, container escapes, and unauthorized system activity. The project distinguishes itself through its ability to perform real-time, in-kernel enforcement, allowing it to synchronously terminate malicious processes or modify function return values before a system call completes. It provides deep Kubernetes integration
OpenEDR is an endpoint detection and response platform designed to collect telemetry and monitor system activity to identify security breaches. It functions as a host-based intrusion detection system and telemetry collector, gathering detailed data on process, network, and file activity. The system includes a dockerized security stack that bundles search, logging, and visualization tools into containers for analyzing endpoint telemetry. It features a security event visualizer that maps process lineage and indexes logs to facilitate root-cause analysis of attacks. The platform provides capabi