0xMrNiko / RootKitLinks
This repository contains Loadable Kernel Modules (LKM) and LD_PRELOAD-based modules designed for penetration testing, red teaming, and security research. These tools enable advanced techniques like process hiding, syscall hooking, and runtime application manipulation.
☆14Updated 8 months ago
Alternatives and similar repositories for RootKit
Users that are interested in RootKit are comparing it to the libraries listed below
Sorting:
- Bypass user-land hooks by syscall tampering via the Trap Flag☆127Updated 2 months ago
- Using Just In Time (JIT) instruction decryption, this shellcode loader ensures that only the currently executing instruction is visible i…☆53Updated 6 months ago
- A stealthy, assembly-based tool for secure function address resolution, offering a robust alternative to GetProcAddress.☆73Updated last year
- Alternative Read and Write primitives using Rtl* functions the unintended way.☆76Updated 2 months ago
- Another version of .NET loader provides capabilities of bypassing ETW and AMSI, utilizing VEH for syscalls and loading .NET assemblies☆47Updated 3 months ago
- Demoting PPL anti-malware services to less than a guest user☆63Updated 8 months ago
- A command and control framework.☆55Updated 10 months ago
- A Rust PoC implementation of the Early Bird process hollowing technique, inspired by https://github.com/boku7/HOLLOW.☆30Updated 8 months ago
- A collection of position independent coding resources☆94Updated last month
- Version 2 - A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders …☆100Updated 7 months ago
- Attacking the cleanup_module function of a kernel module☆48Updated 3 months ago
- Bypasses AMSI protection through remote memory patching and parsing technique.☆50Updated 5 months ago
- ☆108Updated 11 months ago
- Modern PIC implant for Windows (64 & 32 bit)☆103Updated 3 months ago
- BSides Prishtina 2024 Malware Development and Persistence workshop☆102Updated 4 months ago
- Reports on Driver, LSASS and other security services mitigations☆32Updated 2 months ago
- ☆60Updated 6 months ago
- Shellcode loader using direct syscalls via Hell's Gate and payload encryption.☆94Updated last year
- Unhook Ntdll.dll, Go & C++.☆30Updated 6 months ago
- Collection of red team techniques.☆61Updated 6 months ago
- T-1 is a shellcode loader that leverages ML techniques to detect VM environments☆35Updated 11 months ago
- Indirect Syscall implementation to bypass userland NTAPIs hooking.☆84Updated last year
- Section-based payload obfuscation technique for x64☆64Updated last year
- lib-nosa is a minimalist C library designed to facilitate socket connections through AFD driver IOCTL operations on Windows.☆117Updated last year
- shell code example☆63Updated 3 weeks ago
- This project is an implant framework designed for long term persistent access to Windows machines.☆109Updated 2 years ago
- Implementing an early exception handler for hooking and threadless process injection without relying on VEH or SEH☆128Updated last month
- Early cascade injection PoC based on Outflanks blog post written in Rust☆56Updated 8 months ago
- 「⚠️」Performing a BYOVD on the truesight.sys driver☆44Updated 10 months ago
- Boilerplate to develop raw and truly Position Independent Code (PIC).☆106Updated 9 months ago