Trending repositories for topic rootkit

Hiding kernel-driver for x86/x64.

awesome-linux-rootkits

Black Angel is a Windows 11/10 x64 kernel mode rootkit. Rootkit can be loaded with enabled DSE while maintaining its full functionality.

Black Angel is a Windows 11/10 x64 kernel mode rootkit. Rootkit can be loaded with enabled DSE while maintaining its full functionality.

Hiding kernel-driver for x86/x64.

awesome-linux-rootkits

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64)

awesome-linux-rootkits

Rusty Hypervisor - Windows Kernel Blue Pill Type-2 Hypervisor in Rust (Codename: Matrix)

🇺🇦 Windows driver with usermode interface which can hide processes, file-system and registry objects, protect processes and etc

Webshell && Backdoor Collection

Hiding kernel-driver for x86/x64.

A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.

NidhoggScript is a tool to generate "script" file that allows execution of multiple commands for Nidhogg

Rusty Hypervisor - Windows UEFI Blue Pill Type-1 Hypervisor in Rust (Codename: Illusion)

Linux kernel rootkit

？什么你说Root？我不到啊 | 致力于编写全面详细的Root教程文档 | 刷机 | 安卓

Rusty Rootkit - Windows Kernel Rookit in Rust (Codename: Eagle)

Black Angel is a Windows 11/10 x64 kernel mode rootkit. Rootkit can be loaded with enabled DSE while maintaining its full functionality.

PCI Express DIY hacking toolkit for Xilinx SP605. This repository is also home of Hyper-V Backdoor and Boot Backdoor, check readme for links and info

This is the list of all rootkits found so far on github and other sites.

Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.

Weaponizing the Linux Kernel (Hide Files/PID, SSH backdoors, SSL Sniffer, ...) by poking around eBPF/XDP

Load your driver like win32k.sys

Experimental Windows x64 Kernel Rootkit.

InfinityHookPro Win7 -> Win11 latest

Weaponizing the Linux Kernel (Hide Files/PID, SSH backdoors, SSL Sniffer, ...) by poking around eBPF/XDP

NidhoggScript is a tool to generate "script" file that allows execution of multiple commands for Nidhogg

Rusty Hypervisor - Windows Kernel Blue Pill Type-2 Hypervisor in Rust (Codename: Matrix)

Rusty Hypervisor - Windows UEFI Blue Pill Type-1 Hypervisor in Rust (Codename: Illusion)

Linux kernel rootkit

？什么你说Root？我不到啊 | 致力于编写全面详细的Root教程文档 | 刷机 | 安卓

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64)

Load your driver like win32k.sys

Rusty Rootkit - Windows Kernel Rookit in Rust (Codename: Eagle)

awesome-linux-rootkits

Black Angel is a Windows 11/10 x64 kernel mode rootkit. Rootkit can be loaded with enabled DSE while maintaining its full functionality.

🇺🇦 Windows driver with usermode interface which can hide processes, file-system and registry objects, protect processes and etc

PCI Express DIY hacking toolkit for Xilinx SP605. This repository is also home of Hyper-V Backdoor and Boot Backdoor, check readme for links and info

Webshell && Backdoor Collection

Experimental Windows x64 Kernel Rootkit.

InfinityHookPro Win7 -> Win11 latest

Hiding kernel-driver for x86/x64.

A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.

This is the list of all rootkits found so far on github and other sites.

ebpfkit is a rootkit powered by eBPF

Hiding kernel-driver for x86/x64.

Nidhogg is an all-in-one simple to use rootkit.

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64)

Experimental Windows x64 Kernel Rootkit.

Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.

awesome-linux-rootkits

Rusty Hypervisor - Windows Kernel Blue Pill Type-2 Hypervisor in Rust (Codename: Matrix)

Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes, protect and elevate them with token manipulation.

Rusty Hypervisor - Windows UEFI Blue Pill Type-1 Hypervisor in Rust (Codename: Illusion)

Linux kernel rootkit

PCI Express DIY hacking toolkit for Xilinx SP605. This repository is also home of Hyper-V Backdoor and Boot Backdoor, check readme for links and info

Linux/Windows post-exploitation framework made by linux user

A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.

Load your driver like win32k.sys

Black Angel is a Windows 11/10 x64 kernel mode rootkit. Rootkit can be loaded with enabled DSE while maintaining its full functionality.

🇺🇦 Windows driver with usermode interface which can hide processes, file-system and registry objects, protect processes and etc

Webshell && Backdoor Collection

Now You See Me, Now You Don't

Rusty Rootkit - Windows Kernel Rookit in Rust (Codename: Eagle)

This is the list of all rootkits found so far on github and other sites.

Rusty Hypervisor - Windows UEFI Blue Pill Type-1 Hypervisor in Rust (Codename: Illusion)

NidhoggScript is a tool to generate "script" file that allows execution of multiple commands for Nidhogg

Rusty Hypervisor - Windows Kernel Blue Pill Type-2 Hypervisor in Rust (Codename: Matrix)

Linux kernel rootkit

Malware and malicious applications database

Experimental Windows x64 Kernel Rootkit.

Load your driver like win32k.sys

Expanding Kernel Lazy Importer

SMM rootkit similar to LoJax or MosaicRegressor

PoC Windows Usermode Rootkit made in C# and C++, made to show you how to protect your process using hooking.

stuxnet Source & Binaries. (+PLC ROOTKIT) ONLY FOR ACADEMICAL RESEARCH AND EDUCATIONAL PURPOSES! Includes: Source files, Binaries, PLC Samples,Fanny Added in another repo.

Stuxnet is an extremely sophisticated computer worm that exploits multiple previously unknown Windows zero-day vulnerabilities to infect computers and spread. Its purpose was not just to infect PCs bu...

Hanoman is an GUI antivirus engine sigature based detection 🐒

Black Angel is a Windows 11/10 x64 kernel mode rootkit. Rootkit can be loaded with enabled DSE while maintaining its full functionality.

PCI Express DIY hacking toolkit for Xilinx SP605. This repository is also home of Hyper-V Backdoor and Boot Backdoor, check readme for links and info

一款windows64位的ark工具 rootkit

「🧊」Ring 3 Rootkit for Windows 10

Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes, protect and elevate them with token manipulation.

LD_PRELOAD Rootkit

Hiding kernel-driver for x86/x64.

PoCs for Kernelmode rootkit techniques research.

Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.

Windows x64 kernel mode rootkit process hollowing POC.

Rusty Hypervisor - Windows UEFI Blue Pill Type-1 Hypervisor in Rust (Codename: Illusion)

「🧊」Ring 3 Rootkit for Windows 10

NidhoggScript is a tool to generate "script" file that allows execution of multiple commands for Nidhogg

Plus Edition of KernelSU_Action. Use Github Action to build kernels with KernelSU. Supports all kernel versions theoretically.

Nidhogg is an all-in-one simple to use rootkit.

Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.

Experimental Windows x64 Kernel Rootkit.

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64)

Hiding kernel-driver for x86/x64.

awesome-linux-rootkits

A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.

PoCs for Kernelmode rootkit techniques research.

Now You See Me, Now You Don't

🇺🇦 Windows driver with usermode interface which can hide processes, file-system and registry objects, protect processes and etc

Linux/Windows post-exploitation framework made by linux user

Webshell && Backdoor Collection

Windows x64 kernel mode rootkit process hollowing POC.

Black Angel is a Windows 11/10 x64 kernel mode rootkit. Rootkit can be loaded with enabled DSE while maintaining its full functionality.

windows kernel security development

Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.

ebpfkit is a rootkit powered by eBPF

？什么你说Root？我不到啊 | 致力于编写全面详细的Root教程文档 | 刷机 | 安卓

LD_PRELOAD Rootkit

PCI Express DIY hacking toolkit for Xilinx SP605. This repository is also home of Hyper-V Backdoor and Boot Backdoor, check readme for links and info

Windows x64 kernel mode rootkit process hollowing POC.

PoCs for Kernelmode rootkit techniques research.

Experimental Windows x64 Kernel Rootkit.

「🧊」Ring 3 Rootkit for Windows 10

NidhoggScript is a tool to generate "script" file that allows execution of multiple commands for Nidhogg

LD_PRELOAD Rootkit

Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.

Rusty Hypervisor - Windows Kernel Blue Pill Type-2 Hypervisor in Rust (Codename: Matrix)

POC Ring3 Windows Rootkit (x86 / x64) - Hide processes and files

Stuxnet is an extremely sophisticated computer worm that exploits multiple previously unknown Windows zero-day vulnerabilities to infect computers and spread. Its purpose was not just to infect PCs bu...

Expanding Kernel Lazy Importer

This page is a result of the ongoing hands-on research around advanced Linux attacks, detection and forensics techniques and tools.

It's a kernel-based keylogger for Windows x86/x64.

stuxnet Source & Binaries. (+PLC ROOTKIT) ONLY FOR ACADEMICAL RESEARCH AND EDUCATIONAL PURPOSES! Includes: Source files, Binaries, PLC Samples,Fanny Added in another repo.

Linux kernel rootkit

一款windows64位的ark工具 rootkit

Nidhogg is an all-in-one simple to use rootkit.

Now You See Me, Now You Don't

？什么你说Root？我不到啊 | 致力于编写全面详细的Root教程文档 | 刷机 | 安卓

PoC Windows Usermode Rootkit made in C# and C++, made to show you how to protect your process using hooking.