0xMrNiko / RootKitLinks
This repository contains Loadable Kernel Modules (LKM) and LD_PRELOAD-based modules designed for penetration testing, red teaming, and security research. These tools enable advanced techniques like process hiding, syscall hooking, and runtime application manipulation.
☆13Updated 5 months ago
Alternatives and similar repositories for RootKit
Users that are interested in RootKit are comparing it to the libraries listed below
Sorting:
- A collection of position independent coding resources☆90Updated 5 months ago
- a modified CONTEXT based ropchain to circumvent CFG-FindHiddenShellcode and EtwTi-FluctuationMonitor☆105Updated last year
- LKM rootkit for modern kernels, with DNS C2 and a simple web interface☆72Updated last month
- shell code example☆61Updated 2 months ago
- Using the Counter Strike 1.6 RCON protocol as a C2 Channel.☆81Updated 5 months ago
- Dirty PoC on how to abuse S1's VEH for Vectored Syscalls and Local Execution☆42Updated last year
- A process injection technique using only thread context manipulation☆37Updated last year
- BSides Prishtina 2024 Malware Development and Persistence workshop☆88Updated 2 months ago
- Injecting DLL into LSASS at boot☆132Updated 3 months ago
- A stealthy, assembly-based tool for secure function address resolution, offering a robust alternative to GetProcAddress.☆73Updated last year
- Indirect Syscall implementation to bypass userland NTAPIs hooking.☆76Updated 11 months ago
- MIPS VM to execute payloads without allocating executable memory. Based on a PlayStation 1 (PSX) Emulator.☆117Updated 8 months ago
- Early Bird Cryo Injections – APC-based DLL & Shellcode Injection via Pre-Frozen Job Objects☆100Updated 4 months ago
- Unhook Ntdll.dll, Go & C++.☆27Updated 3 months ago
- Code execution/injection technique using DLL PEB module structure manipulation☆155Updated 2 months ago
- Version 2 - A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders …☆103Updated 4 months ago
- Shellcode Loader Utilizing ETW Events☆64Updated 5 months ago
- Hooking KPRCB IdlePreselect function to gain execution inside PID 0.☆65Updated 3 months ago
- Collection of red team techniques.☆59Updated 3 months ago
- ☆57Updated 3 months ago
- Malleable shellcode loader written in C and Assembly utilizing direct or indirect syscalls for evading EDR hooks☆113Updated 7 months ago
- A Rust PoC implementation of the Early Bird process hollowing technique, inspired by https://github.com/boku7/HOLLOW.☆30Updated 6 months ago
- Linker for Beacon Object Files☆124Updated 3 weeks ago
- Mirage is a PoC memory evasion technique that relies on a vulnerable VBS enclave to hide shellcode within VTL1.☆95Updated 5 months ago
- A small How-To on creating your own weaponized WSL file☆101Updated 2 weeks ago
- A synergized Visual Studio and Rust development environment☆19Updated 6 months ago
- Boilerplate to develop raw and truly Position Independent Code (PIC).☆54Updated 6 months ago
- Create Anti-Copy DRM Malware☆61Updated 11 months ago
- Malware?☆74Updated 10 months ago
- Shellcode loader that executes embedded Lua from Rust.☆117Updated 7 months ago