15 Resources
C/C++ Rootkit Libraries
🐧 MAJOR BUG GRANTS ROOT FOR ALL MAJOR LINUX DISTRIBUTIONS
🐧 MAJOR BUG GRANTS ROOT FOR ALL MAJOR LINUX DISTRIBUTIONS CTF quality exploit bla bla irresponsible disclosure terminal: [email protected]:~$ wget https://g
4.8 Rootkit Kernel LKM
4.8 Rootkit Kernel "I'm going to install modules in you and do whatever I want!!!!" - said the (BEING) Sigma's Rootkit Kernel to Kernel 4.8 (Ainda c
Resolve DOS MZ executable symbols at runtime
NtSymbol Resolve DOS MZ executable symbols at runtime Example You no longer have to use memory pattern scans inside your sneaky rootkit. Pass
yark - Yet Another RootKit
yark - Yet Another RootKit How to Build Requirements In order to build the kernel module, you need to install the kernel-headers package corresponding
A simple Windows kernel rootkit.
Venom RootKit A simple Windows rootkit that I have written, in order to explore a bit about the world of rootkits and the Windows kernel in general. The Ven
A 64-bit LKM rootkit builder based on a YAML prescription
1337kit - LKM Rootkit Builder About project 1337kit is a 64-bit LKM rootkit builder based on a YAML prescription. Fully tested on: Linux 5.11.0-34-generic
LKM Rootkit Kernel 2016 (Updated)
SIG SIG is a Linux kernel rootkit that comes as a single LKM (Loadable Kernel Module) and it is totally restricted to kernel 2.6.32. The rootkit is de
ebpfkit-monitor is a tool that detects and protects against eBPF-powered rootkits
ebpfkit-monitor ebpfkit-monitor is a utility that you can use to statically analyse eBPF bytecode or monitor suspicious eBPF activity at runtime. It
Linux rootkit used to hide a cryptominer process and CPU usage.
An LKM rootkit targeting 4.x and 5.x kernel versions which opens a backdoor that can be used to spawn a reverse shell to a remote host and more.
Umbra Umbra (/ˈʌmbrə/) is an experimental LKM rootkit for kernels 4.x and 5.x (up to 5.7) which opens a network backdoor that spawns reverse shells to
Windows x64 rootkit
P4tch3r Windows x64 rootkit (tested on Windows 7) It's a PoC of patching the NtTerminateProcess function by simply overwriting instructions, catching arguments
An LKM rootkit working in Linux kernels 2.6.x/3.x/4.x/5.x
BrokePkg Brokepkg is an LKM rootkit for Linux kernels 2.6.x/3.x/4.x/5.x and ARM64, with support after kernel 5.7, without kallsyms_lookup_name. Tested o
Winsock accept() Backdoor Implant.
WSAAcceptBackdoor This project is a PoC implementation of a DLL implant that acts as a backdoor for Winsock accept() API calls. Once the DLL is injecte
An attempt to restore the original Rootkit Arsenal code samples and adapt them to modern Win10 versions
rootkit-arsenal-guacamole An attempt to restore the original Rootkit Arsenal code samples and adapt them to modern Win10 versions. All projects have been por