Trending repositories for topic rootkit
This page is a result of the ongoing hands-on research around advanced Linux attacks, detection and forensics techniques and tools.
LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64)
🇺🇦 Windows driver with usermode interface which can hide processes, file-system and registry objects, protect processes, etc.
PCI Express DIY hacking toolkit for Xilinx SP605. This repository is also home to the Hyper-V Backdoor and Boot Backdoor; check the readme for links and info.
Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.
Experimental Windows x64 Kernel Rootkit with anti-rootkit evasion features.
Black Angel is a Windows 11/10 x64 kernel mode rootkit. The rootkit can be loaded with DSE enabled while maintaining its full functionality.
Cronos is a Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes, and to protect and elevate them with token manipulation.
This is the list of all rootkits found so far on GitHub and other sites.
SMM driver/rootkit for platform memory access with R3 <-> R0 <-> R-2 communication.
Rusty Hypervisor - Windows UEFI Blue Pill Type-1 Hypervisor in Rust (Codename: Illusion)
Masonrookit is a tool that hides your malware from the process list and the task manager and from all device paths, and hides its connection.
A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.
Cheat sheet to detect and remove Linux kernel rootkits
Windows kernel security development
LKM rootkit for modern kernels, with DNS C2 and a simple web interface
AttackMate is an attack orchestration tool that executes full attack-chains based on playbooks.
Silent syscall hooking without modifying sys_call_table/handlers, by patching the exception handler
Plus Edition of KernelSU_Action. Use GitHub Actions to build kernels with KernelSU. Theoretically supports all kernel versions.
A programmable and rootkit-like Windows remote access tool.
ModTracer finds hidden Linux kernel rootkits and then makes them visible again.
NidhoggScript is a tool to generate a "script" file that allows execution of multiple commands for Nidhogg
Weaponizing the Linux Kernel (Hide Files/PID, SSH backdoors, SSL Sniffer, ...) by poking around eBPF/XDP
Rusty Hypervisor - Windows Kernel Blue Pill Type-2 Hypervisor in Rust (Codename: Matrix)
Stuxnet source & binaries (+PLC rootkit). ONLY FOR ACADEMIC RESEARCH AND EDUCATIONAL PURPOSES! Includes: source files, binaries, PLC samples; Fanny added in another repo.
Stuxnet is an extremely sophisticated computer worm that exploits multiple previously unknown Windows zero-day vulnerabilities to infect computers and spread. Its purpose was not just to infect PCs bu...
POC Ring3 Windows Rootkit (x86 / x64) - Hide processes and files