GitHub topics: rootkit
memN0ps/illusion-rs 📦
Rusty Hypervisor - Windows UEFI Blue Pill Type-1 Hypervisor in Rust (Codename: Illusion)
Language: Rust - Size: 2.85 MB - Last synced at: about 6 hours ago - Pushed at: 10 months ago - Stars: 291 - Forks: 35

memN0ps/matrix-rs 📦
Rusty Hypervisor - Windows Kernel Blue Pill Type-2 Hypervisor in Rust (Codename: Matrix)
Language: Rust - Size: 2.58 MB - Last synced at: about 6 hours ago - Pushed at: 12 months ago - Stars: 289 - Forks: 32

gmh5225/kli-ex
Expanding Kernel Lazy Importer
Language: C++ - Size: 118 KB - Last synced at: 2 days ago - Pushed at: over 2 years ago - Stars: 32 - Forks: 9

kouzhudong/AntiHook
Enum and Remove Hook in Windows
Size: 18.3 MB - Last synced at: 3 days ago - Pushed at: 3 days ago - Stars: 39 - Forks: 9

sudoskys/Root
What? You said Root? I don't know about it | Dedicated to writing comprehensive and detailed Root tutorial documentation | Flashing | Android
Size: 54.3 MB - Last synced at: 2 days ago - Pushed at: 11 months ago - Stars: 440 - Forks: 26

OriganOH/PhantomJS-Rootkit
👻 PhantomJS - Advanced Security Toolkit 🛡️
Language: JavaScript - Size: 17.6 KB - Last synced at: 4 days ago - Pushed at: 4 days ago - Stars: 1 - Forks: 0

grisuno/LazyOwn
LazyOwn RedTeam/APT Framework is the first RedTeam Framework with an AI-powered C&C, featuring rootkits to conceal campaigns, undetectable malleable implants compatible with Windows/Linux/Mac OSX, and self-configuring backdoors. With its Web interface and powerful Console Client, it is the best combination for your RedTeam/APT campaigns.
Language: HTML - Size: 259 MB - Last synced at: 5 days ago - Pushed at: 5 days ago - Stars: 68 - Forks: 25

GeorgevirSingh/dark-kill
dark-kill: A user-mode code and its rootkit that permanently kills EDR processes using Process Creation Blocking Kernel Callback Routine and ZwTerminateProcess. ⚙️ This project includes instructions for building both the client and the driver, ensuring a smooth setup. 🛠️
Language: C++ - Size: 13.7 KB - Last synced at: 5 days ago - Pushed at: 5 days ago - Stars: 1 - Forks: 0

provrb/react
Remote Elevation and Persistence Access Control Technique. User mode rootkit that takes advantage of System32 mock directory and DLL Hijacking. Created for education purposes and not to be distributed.
Language: C - Size: 96.7 MB - Last synced at: 6 days ago - Pushed at: 6 days ago - Stars: 4 - Forks: 2

ldpreload/Medusa
LD_PRELOAD Rootkit
Language: C - Size: 708 KB - Last synced at: 4 days ago - Pushed at: 3 months ago - Stars: 254 - Forks: 63

SaadAhla/dark-kill
A user-mode code and its rootkit that will Kill EDR Processes permanently by leveraging the power of Process Creation Blocking Kernel Callback Routine registering and ZwTerminateProcess.
Language: C++ - Size: 15.6 KB - Last synced at: 7 days ago - Pushed at: 14 days ago - Stars: 141 - Forks: 35

MatheuZSecurity/Rootkit
Collection of codes focused on Linux rootkits
Language: C - Size: 74.6 MB - Last synced at: 2 days ago - Pushed at: 10 days ago - Stars: 130 - Forks: 32

cr0nx/awesome-linux-attack-forensics-purplelabs
This page is a result of the ongoing hands-on research around advanced Linux attacks, detection and forensics techniques and tools.
Size: 95.7 KB - Last synced at: 7 days ago - Pushed at: over 2 years ago - Stars: 289 - Forks: 38

CYBER-MRINAL/LINUX-DEFENDER
Linux-Defender 🛡️ A robust Linux hardening script for securing your system in one shot ⚙️🔐 ✅ Checks for rootkits, malware, and suspicious activity 🔥 Configures firewall, antivirus, and audit tools 🎯 Supports Arch, Debian, Kali, and Parrot OS 🕵️♂️ Includes kali-anonsurf support for anonymous browsing on Kali
Language: Shell - Size: 67.4 KB - Last synced at: 9 days ago - Pushed at: 9 days ago - Stars: 2 - Forks: 0

jussihi/SMM-Rootkit
SMM rootkit similar to LoJax or MosaicRegressor
Language: C - Size: 214 KB - Last synced at: 1 day ago - Pushed at: over 1 year ago - Stars: 125 - Forks: 29

gmh5225/CallMeWin32kDriver
Load your driver like win32k.sys
Language: C++ - Size: 23.4 KB - Last synced at: 2 days ago - Pushed at: almost 3 years ago - Stars: 255 - Forks: 75

memN0ps/eagle-rs 📦
Rusty Rootkit - Windows Kernel Rootkit in Rust (Codename: Eagle)
Language: Rust - Size: 450 KB - Last synced at: 4 days ago - Pushed at: about 2 years ago - Stars: 559 - Forks: 71

milabs/awesome-linux-rootkits
awesome-linux-rootkits
Size: 74.2 KB - Last synced at: 11 days ago - Pushed at: 6 months ago - Stars: 1,856 - Forks: 249

jm33-m0/emp3r0r
Linux/Windows post-exploitation framework made by linux user
Language: Go - Size: 144 MB - Last synced at: 12 days ago - Pushed at: 12 days ago - Stars: 1,555 - Forks: 268

rwxrob/bonzai
Dashist CLI framework, batteries included
Language: Go - Size: 3.86 MB - Last synced at: 3 days ago - Pushed at: 6 months ago - Stars: 227 - Forks: 22

mempodippy/vlany
Linux LD_PRELOAD rootkit (x86 and x86_64 architectures)
Language: C - Size: 1.17 MB - Last synced at: 6 days ago - Pushed at: over 4 years ago - Stars: 956 - Forks: 195

ExpLife0011/awesome-windows-kernel-security-development
windows kernel security development
Size: 3.25 MB - Last synced at: 11 days ago - Pushed at: almost 3 years ago - Stars: 2,010 - Forks: 539

mephistolist/tito
In-Memory Rootkit For Linux
Language: Shell - Size: 360 KB - Last synced at: 15 days ago - Pushed at: 15 days ago - Stars: 70 - Forks: 11

3a1/Elysium
UEFI Bootkit that bypasses signature checks to load an unsigned driver as mcupdate.dll
Language: C - Size: 314 KB - Last synced at: 15 days ago - Pushed at: 15 days ago - Stars: 0 - Forks: 0

DualHorizon/blackpill
A Linux kernel rootkit in Rust using a custom made type-2 hypervisor, eBPF XDP and TC programs
Language: Rust - Size: 282 KB - Last synced at: 13 days ago - Pushed at: 6 months ago - Stars: 326 - Forks: 41

faris77s/rootkit
rootkit password 1
Size: 2.87 MB - Last synced at: 16 days ago - Pushed at: 16 days ago - Stars: 4 - Forks: 2

Gui774ume/ebpfkit
ebpfkit is a rootkit powered by eBPF
Language: C - Size: 7.63 MB - Last synced at: 8 days ago - Pushed at: over 2 years ago - Stars: 800 - Forks: 93

alfonmga/hiding-cryptominers-linux-rootkit 📦
Linux rootkit POC to hide a crypto miner's process and CPU usage.
Language: C - Size: 19.5 KB - Last synced at: 5 days ago - Pushed at: over 1 year ago - Stars: 76 - Forks: 39

sad0p/d0zer
Elf binary infector written in Go.
Language: Go - Size: 136 KB - Last synced at: 1 day ago - Pushed at: 5 months ago - Stars: 210 - Forks: 36

slep2-0/WindowsRootkit
Read the README
Language: C++ - Size: 235 KB - Last synced at: 18 days ago - Pushed at: 18 days ago - Stars: 5 - Forks: 0

ait-aecid/caraxes
Academic research rootkit using ftrace-hooking to hide files and processes via magic word or user/group. Tested until Linux 6.11.
Language: C - Size: 143 KB - Last synced at: 19 days ago - Pushed at: 19 days ago - Stars: 23 - Forks: 0

bitdefender/hvmi
Hypervisor Memory Introspection Core Library
Language: C - Size: 13.5 MB - Last synced at: 14 days ago - Pushed at: about 1 year ago - Stars: 648 - Forks: 68

ait-testbed/attackmate
AttackMate is an attack orchestration tool that executes full attack-chains based on playbooks.
Language: Python - Size: 8.81 MB - Last synced at: 18 days ago - Pushed at: about 1 month ago - Stars: 36 - Forks: 6

theSecHunter/Hades-Windows
Hades HIDS/HIPS for Windows
Language: C++ - Size: 484 MB - Last synced at: 21 days ago - Pushed at: 21 days ago - Stars: 280 - Forks: 94

MatheuZSecurity/ElfDoor-gcc
ElfDoor-gcc is an LD_PRELOAD that hijacks gcc to inject malicious code into binaries during linking, without touching the source code.
Language: C - Size: 519 KB - Last synced at: 21 days ago - Pushed at: 2 months ago - Stars: 111 - Forks: 16

adamhlt/Basic-Rootkit
POC Ring3 Windows Rootkit (x86 / x64) - Hide processes and files
Language: C++ - Size: 788 KB - Last synced at: 4 days ago - Pushed at: almost 2 years ago - Stars: 55 - Forks: 19

mrexodia/TitanHide
Hiding kernel-driver for x86/x64.
Language: C - Size: 847 KB - Last synced at: 23 days ago - Pushed at: 23 days ago - Stars: 2,315 - Forks: 437

MatheuZSecurity/UnhookingLinuxEdr
Attacking the cleanup_module function of a kernel module
Size: 11.7 KB - Last synced at: 21 days ago - Pushed at: 3 months ago - Stars: 35 - Forks: 11

Horyxima/Simple-RunPE-Process-Hollowing
The RunPE program is written in C# to execute a specific executable file within another file's memory using the ProcessHollowing technique.
Language: C# - Size: 47.9 KB - Last synced at: 24 days ago - Pushed at: 24 days ago - Stars: 0 - Forks: 0

daem0nc0re/VectorKernel
PoCs for Kernelmode rootkit techniques research.
Language: C# - Size: 17.5 MB - Last synced at: 5 days ago - Pushed at: 5 months ago - Stars: 375 - Forks: 62

brosck/Frosty
「🧊」Ring 3 Rootkit for Windows 10
Language: C - Size: 425 KB - Last synced at: 22 days ago - Pushed at: 7 months ago - Stars: 57 - Forks: 16

ngn13/shrk
LKM rootkit for modern kernels, with DNS C2 and a simple web interface
Language: C - Size: 898 KB - Last synced at: 22 days ago - Pushed at: 3 months ago - Stars: 69 - Forks: 8

joaoviictorti/shadow-rs
Windows Kernel Rootkit in Rust
Language: Rust - Size: 459 KB - Last synced at: 26 days ago - Pushed at: 26 days ago - Stars: 604 - Forks: 66

AxtMueller/Windows-Batch-Deployment
A programmable and rootkit-like Windows remote access tool.
Size: 94.1 MB - Last synced at: 14 days ago - Pushed at: about 1 year ago - Stars: 139 - Forks: 50

xl7dev/WebShell
Webshell && Backdoor Collection
Language: PHP - Size: 23.4 MB - Last synced at: 26 days ago - Pushed at: about 5 years ago - Stars: 1,893 - Forks: 1,036

m0nad/Diamorphine
LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64)
Language: C - Size: 28.3 KB - Last synced at: 26 days ago - Pushed at: almost 2 years ago - Stars: 2,038 - Forks: 458

bytecode77/r77-rootkit
Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.
Language: C - Size: 5.08 MB - Last synced at: 27 days ago - Pushed at: 3 months ago - Stars: 1,931 - Forks: 433

UEFI-code/Linux-Danger
Forget Ring3. Run EVERYTHING in Ring0!
Language: C - Size: 147 MB - Last synced at: 20 days ago - Pushed at: about 2 months ago - Stars: 1 - Forks: 2

HARM4Y/Karlann
It's a kernel-based keylogger for Windows x86/x64.
Language: C - Size: 354 KB - Last synced at: 20 days ago - Pushed at: almost 3 years ago - Stars: 139 - Forks: 50

0xbitx/DEDSEC_BOTNET
Linux-based botnet builder designed for creating advanced botnet payloads.
Size: 19 MB - Last synced at: 26 days ago - Pushed at: 30 days ago - Stars: 87 - Forks: 16

thebigcicca/HiddenGhost
HiddenGhost is a new solution for finding the system call table, with support for 5.7x+ kernels
Language: C - Size: 98.6 KB - Last synced at: 4 days ago - Pushed at: about 1 month ago - Stars: 4 - Forks: 1

3intermute/arm64_silent_syscall_hook
silent syscall hooking without modifying sys_call_table/handlers via patching exception handler
Language: C - Size: 58.6 KB - Last synced at: 12 days ago - Pushed at: about 1 year ago - Stars: 131 - Forks: 38

XaFF-XaFF/Black-Angel-Rootkit
Black Angel is a Windows 11/10 x64 kernel mode rootkit. Rootkit can be loaded with enabled DSE while maintaining its full functionality.
Language: C++ - Size: 173 KB - Last synced at: about 1 month ago - Pushed at: over 1 year ago - Stars: 640 - Forks: 110

XaFF-XaFF/Cronos-Rootkit
Cronos is a Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes, protect and elevate them with token manipulation.
Language: C++ - Size: 10.6 MB - Last synced at: about 1 month ago - Pushed at: about 3 years ago - Stars: 907 - Forks: 187

skyw4tch3r/RootKits-List-Download
This is the list of all rootkits found so far on github and other sites.
Size: 24.4 KB - Last synced at: about 1 month ago - Pushed at: about 2 years ago - Stars: 1,329 - Forks: 385

h3xduck/TripleCross
A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.
Language: C - Size: 86.4 MB - Last synced at: about 1 month ago - Pushed at: about 1 year ago - Stars: 1,851 - Forks: 233

Uyriahz/Simple-RunPE-Process-Hollowing
The RunPE program is written in C# to execute a specific executable file within another file's memory using the ProcessHollowing technique.
Language: C# - Size: 42 KB - Last synced at: about 1 month ago - Pushed at: about 1 month ago - Stars: 0 - Forks: 0

Cr4sh/s6_pcie_microblaze
PCI Express DIY hacking toolkit for Xilinx SP605. This repository is also home of Hyper-V Backdoor and Boot Backdoor, check readme for links and info
Language: C - Size: 38.4 MB - Last synced at: about 1 month ago - Pushed at: about 1 year ago - Stars: 795 - Forks: 162

JKornev/hidden
🇺🇦 Windows driver with usermode interface which can hide processes, file-system and registry objects, protect processes and etc
Language: C - Size: 665 KB - Last synced at: about 1 month ago - Pushed at: almost 3 years ago - Stars: 1,904 - Forks: 495

Yaianyang/Simple-RunPE-Process-Hollowing
The RunPE program is written in C# to execute a specific executable file within another file's memory using the ProcessHollowing technique.
Language: C# - Size: 42 KB - Last synced at: about 1 month ago - Pushed at: about 1 month ago - Stars: 0 - Forks: 0

Idov31/Nidhogg
Nidhogg is an all-in-one simple to use windows kernel rootkit.
Language: C++ - Size: 723 KB - Last synced at: about 1 month ago - Pushed at: 2 months ago - Stars: 1,985 - Forks: 290

KeyaShah03/KernelSU
A Kernel based root solution for Android
Language: Kotlin - Size: 11.9 MB - Last synced at: about 1 month ago - Pushed at: about 1 month ago - Stars: 0 - Forks: 0

RUTHER-DEV/Process-Hider
Hide processes from Task Manager by manually mapping itself into it and hooking NtQuerySystemInformation
Language: C++ - Size: 26.4 KB - Last synced at: about 1 month ago - Pushed at: about 1 month ago - Stars: 0 - Forks: 0

screetsec/Vegile
This tool will set up your backdoor/rootkits. When the backdoor is already set up, it will hide your specific process and make your session in Metasploit unlimited and transparent. Even when it is killed, it will re-run again. There will always be a process which runs another process, so we can assume that this process is unstoppable, like a Ghost in the Shell
Language: Shell - Size: 48.8 KB - Last synced at: about 1 month ago - Pushed at: almost 3 years ago - Stars: 730 - Forks: 164

vkobel/linux-syscall-hook-rootkit
Simple kernel module that hooks the `execve` syscall and waits for `date` to be executed with the `backd00r` argument followed by a PID number, elevating it to root credentials.
Language: C - Size: 19.5 KB - Last synced at: 21 days ago - Pushed at: about 5 years ago - Stars: 24 - Forks: 4

tkmru/awesome-linux-rootkits
a summary of linux rootkits published on GitHub
Size: 3.91 KB - Last synced at: 10 days ago - Pushed at: about 5 years ago - Stars: 177 - Forks: 23

byt3n33dl3/Isabella
Rootkit and Kernel attack kit, 𝗜𝘀𝗮𝗯𝗲𝗹𝗹𝗮 program Enables Cyber Attacks to gain access from Machines without being detected.
Language: C - Size: 31.3 KB - Last synced at: 2 days ago - Pushed at: 11 months ago - Stars: 10 - Forks: 1

landhb/HideProcess
A basic Direct Kernel Object Manipulation rootkit that removes a process from the EPROCESS list, hiding it from the Task Manager
Language: C - Size: 6.85 MB - Last synced at: about 1 month ago - Pushed at: about 6 years ago - Stars: 676 - Forks: 116

mav8557/Father
LD_PRELOAD rootkit
Language: C - Size: 47.9 KB - Last synced at: 15 days ago - Pushed at: over 1 year ago - Stars: 132 - Forks: 32

Lucas-Paz-Silva/titan
Next.js 15 fullstack template with better-auth for authentication and drizzle-orm as the orm
Language: TypeScript - Size: 421 KB - Last synced at: about 1 month ago - Pushed at: about 1 month ago - Stars: 0 - Forks: 0

Washaion/Simple-RunPE-Process-Hollowing
The RunPE program is written in C# to execute a specific executable file within another file's memory using the ProcessHollowing technique.
Language: C# - Size: 42 KB - Last synced at: about 1 month ago - Pushed at: about 1 month ago - Stars: 0 - Forks: 0

rphang/evilBPF
Weaponizing the Linux Kernel (Hide Files/PID, SSH backdoors, SSL Sniffer, ...) by poking around eBPF/XDP
Language: C - Size: 1.8 MB - Last synced at: 20 days ago - Pushed at: 10 months ago - Stars: 52 - Forks: 15

malefax/Adrishya
Author of Project Adrishya, a rootkit which uses the ftrace mechanism to hook syscalls; (wrote this because God commanded me); works for both x86_64 and arm; CREDIT-(Oleksii Lozovskyi{ilammy}) FOUNDER OF FTRACE HOOKING
Language: C - Size: 493 KB - Last synced at: about 1 month ago - Pushed at: about 1 month ago - Stars: 14 - Forks: 1

gmh5225/Driver-SoulExtraction
SoulExtraction is a windows driver library for extracting cert information in windows drivers
Language: C - Size: 91.8 KB - Last synced at: 2 days ago - Pushed at: over 2 years ago - Stars: 24 - Forks: 6

MatheuZSecurity/ModTracer
ModTracer finds hidden Linux kernel rootkits and then makes them visible again.
Language: C - Size: 36.1 KB - Last synced at: about 1 month ago - Pushed at: 4 months ago - Stars: 80 - Forks: 10

Taimenak/Simple-RunPE-Process-Hollowing
The RunPE program is written in C# to execute a specific executable file within another file's memory using the ProcessHollowing technique.
Language: C# - Size: 39.1 KB - Last synced at: about 1 month ago - Pushed at: about 1 month ago - Stars: 0 - Forks: 0

h3xduck/Umbra
A LKM rootkit targeting 4.x and 5.x kernel versions which opens a backdoor that can spawn a reverse shell to a remote host, launch malware and more.
Language: C - Size: 190 MB - Last synced at: 9 days ago - Pushed at: almost 4 years ago - Stars: 127 - Forks: 28

nullcel/dollarnine
A self-propagating worm driven by an embedded rootkit
Language: C++ - Size: 3.49 MB - Last synced at: about 1 month ago - Pushed at: about 1 month ago - Stars: 0 - Forks: 0

MikeHorn-git/LKD
Linux Kernel development lab. With LKM rootkit samples
Language: C - Size: 27.3 KB - Last synced at: about 1 month ago - Pushed at: about 2 months ago - Stars: 5 - Forks: 0

sapellaniz/lkm_unhide
LKM unhide is a LKM Rootkits Detection Tool for Linux Kernels 5.x/6.x.
Language: C - Size: 1000 Bytes - Last synced at: about 2 months ago - Pushed at: about 2 months ago - Stars: 0 - Forks: 0

XaFF-XaFF/Kernel-Process-Hollowing
Windows x64 kernel mode rootkit process hollowing POC.
Language: C++ - Size: 27.3 KB - Last synced at: about 1 month ago - Pushed at: almost 2 years ago - Stars: 189 - Forks: 27

Reakt0rPhantom/Stuxnet-Rootkit
Stuxnet extracted binaries by reversing & Stuxnet Rootkit Analysis
Size: 0 Bytes - Last synced at: about 2 months ago - Pushed at: about 2 months ago - Stars: 0 - Forks: 0

eversinc33/Banshee
Experimental Windows x64 Kernel Rootkit with anti-rootkit evasion features.
Language: C++ - Size: 666 KB - Last synced at: about 2 months ago - Pushed at: about 2 months ago - Stars: 535 - Forks: 78

loneicewolf/LOJAX
LOJAX ROOTKIT (UEFI) +PDF Included[x]
Size: 2.43 MB - Last synced at: about 1 month ago - Pushed at: over 2 years ago - Stars: 33 - Forks: 14

Qiunzman/Simple-RunPE-Process-Hollowing
The RunPE program is written in C# to execute a specific executable file within another file's memory using the ProcessHollowing technique.
Language: C# - Size: 39.1 KB - Last synced at: about 2 months ago - Pushed at: about 2 months ago - Stars: 0 - Forks: 0

UmaRex01/YMC
A plug-and-play, extendible and customizable Windows driver that lands your malware capabilities in kernel-land.
Size: 4.88 KB - Last synced at: about 2 months ago - Pushed at: about 2 months ago - Stars: 0 - Forks: 0

b3c001/bico_lkm
Bico_LKM is a rootkit written in C that operates at kernel level (ring0)
Language: C - Size: 37.1 KB - Last synced at: about 2 months ago - Pushed at: about 2 months ago - Stars: 3 - Forks: 0

carloslack/KoviD
Red-Team Linux kernel rootkit
Language: C - Size: 26.8 MB - Last synced at: about 2 months ago - Pushed at: 2 months ago - Stars: 362 - Forks: 60

KastMain/Simple-RunPE-Process-Hollowing
The RunPE program is written in C# to execute a specific executable file within another file's memory using the ProcessHollowing technique.
Language: C# - Size: 38.1 KB - Last synced at: about 2 months ago - Pushed at: about 2 months ago - Stars: 0 - Forks: 0

UEFI-code/WindowsDanger
A REALLY Dangerous Windows Driver, Turns Any Thread Ring0!
Language: C - Size: 98.6 MB - Last synced at: about 1 month ago - Pushed at: 3 months ago - Stars: 8 - Forks: 3

idchoppers/nt_rootkit
A kernel mode rootkit for NT.
Language: C - Size: 97.7 KB - Last synced at: 2 months ago - Pushed at: 2 months ago - Stars: 1 - Forks: 0

therealdreg/cgaty
Hooking the GDT - Installing a Call Gate. POC for Rootkit Arsenal Book Second Edition (version 2022)
Language: C - Size: 253 MB - Last synced at: about 15 hours ago - Pushed at: almost 2 years ago - Stars: 72 - Forks: 14

nurupo/rootkit
Linux rootkit for Ubuntu 16.04 and 10.04 (Linux Kernels 4.4.0 and 2.6.32), both i386 and amd64
Language: C - Size: 25.4 KB - Last synced at: about 1 month ago - Pushed at: about 1 year ago - Stars: 798 - Forks: 202

guill777/ElfDoor-gcc
ElfDoor-gcc is an LD_PRELOAD that hijacks gcc to inject malicious code into binaries during linking, without touching the source code.
Language: C - Size: 519 KB - Last synced at: 2 months ago - Pushed at: 2 months ago - Stars: 0 - Forks: 0

0xbitx/DEDSEC_ZIPHITE
Linux-based tool that injects covert malicious code into a legitimate Python script.
Size: 6.84 MB - Last synced at: 26 days ago - Pushed at: 2 months ago - Stars: 0 - Forks: 1

Idov31/Jormungandr
Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.
Language: C++ - Size: 48.8 KB - Last synced at: 2 months ago - Pushed at: over 1 year ago - Stars: 225 - Forks: 27

Gui774ume/ebpfkit-monitor
ebpfkit-monitor is a tool that detects and protects against eBPF powered rootkits
Language: C - Size: 168 KB - Last synced at: 3 months ago - Pushed at: over 2 years ago - Stars: 128 - Forks: 17

flashnuke/mod-rootkit
Kernel-space x86_64 Linux rootkit leveraging kprobes and ftrace for syscall hooking (hiding entries and reverse shell backdoor)
Language: C - Size: 161 KB - Last synced at: 3 months ago - Pushed at: 3 months ago - Stars: 7 - Forks: 0

rickmark/mojo_thor
Research about malware that infects the EFI and SMC of Apple MacBooks.
Language: Assembly - Size: 144 MB - Last synced at: 2 months ago - Pushed at: 3 months ago - Stars: 57 - Forks: 12

gmh5225/FakeEnclave
A poc that abuses Enclave
Language: C++ - Size: 12.7 KB - Last synced at: 2 days ago - Pushed at: almost 3 years ago - Stars: 38 - Forks: 8
