This repository contains Loadable Kernel Modules (LKM) and LD_PRELOAD-based modules designed for penetration testing, red teaming, and security research. These tools enable advanced techniques like process hiding, syscall hooking, and runtime application manipulation.
☆13 · Feb 15, 2025 · Updated last year
Alternatives and similar repositories for RootKit
Users that are interested in RootKit are comparing it to the libraries listed below
- A collection of FreeBSD rootkit kernel modules and utilities ☆13 · Jun 25, 2025 · Updated 8 months ago
- This is a VxLAN PoC code for Talks: From Spoofing to Tunneling: New Red Team's Networking Techniques for Initial Access and Evasion ☆28 · Jul 21, 2025 · Updated 7 months ago
- Evasive shellcode loader with indirect syscalls, Thread name-calling allocation, PoolParty injection ☆10 · Feb 26, 2025 · Updated last year
- PhantomDelay is a precise delay function that uses the Windows high resolution performance counter to pause your program for a specified … ☆19 · May 8, 2025 · Updated 9 months ago
- Certipy in Docker ☆13 · Mar 28, 2024 · Updated last year
- iPhoneTracker port to Linux ☆16 · Apr 22, 2011 · Updated 14 years ago
- Super performant RAG pipeline for AI apps. ☆16 · Mar 10, 2024 · Updated last year
- One-header configurable C++20 COFF loader ☆21 · Jul 21, 2025 · Updated 7 months ago
- Windows Win32 Kernel Subsystem ☆36 · Aug 23, 2025 · Updated 6 months ago
- GenZ Shellcode Generator to execute commands with winExec API ☆22 · Apr 27, 2025 · Updated 10 months ago
- Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability ☆24 · Feb 5, 2025 · Updated last year
- Docker container for running CobaltStrike 4.7 and above ☆24 · Mar 20, 2025 · Updated 11 months ago
- Malware written in bash to serve as an initial dropper script that will provide a strong foothold on the target device via reverse shells… ☆21 · Sep 18, 2023 · Updated 2 years ago
- A tool that bypasses Windows Defender by manually loading DLLs, parsing EAT directly, and updating IAT with unhooked functions to run M… ☆21 · Jul 14, 2024 · Updated last year
- Post-Ex BOF tooling for Hannibal ☆24 · Nov 20, 2024 · Updated last year
- Event Tracing for Windows EDR bypass in Rust (usermode) ☆39 · Jun 9, 2024 · Updated last year
- Shellcode capable of bypassing EAF / IAF mitigations ☆28 · Apr 11, 2023 · Updated 2 years ago
- Dump protected process memory by using BYOVD to tamper with handle objects in the kernel. ☆38 · Aug 5, 2025 · Updated 6 months ago
- reverse proxy server ☆19 · Jul 7, 2016 · Updated 9 years ago
- My POC implementation of HVNC (Hidden VNC / Hidden Desktop) ☆28 · Dec 30, 2024 · Updated last year
- Collection of codes focused on Linux rootkits ☆198 · Oct 22, 2025 · Updated 4 months ago
- Future version of the AnyBody Managed Model Repository with a full thoracic spine model. ☆18 · Feb 2, 2026 · Updated 3 weeks ago
- .NET assembly loader with patching AMSI and ETW bypass ☆31 · Apr 16, 2025 · Updated 10 months ago
- A malware researching repository. ☆21 · Aug 10, 2021 · Updated 4 years ago
- WhatsApp Message Sender is a simple Python application that allows users to send WhatsApp messages programmatically using the pywhatkit li… ☆14 · Nov 17, 2023 · Updated 2 years ago
- use python on windows with full submodule support without installation ☆30 · Jan 23, 2025 · Updated last year
- Implementing an early exception handler for hooking and threadless process injection without relying on VEH or SEH ☆137 · Aug 31, 2025 · Updated 6 months ago
- Охотник (Hunter) is a simple Adversary Simulation tool developed to achieve stealth through API unhooking, direct and indirect syscalls… ☆93 · Apr 23, 2025 · Updated 10 months ago
- A Rust-based dropper for shellcode payloads. ☆72 · Mar 21, 2025 · Updated 11 months ago
- Official MCSR Ranked Wiki Page with VitePress ☆14 · Feb 10, 2026 · Updated 2 weeks ago
- C# DInvoke Shellcode Runner ☆31 · Feb 10, 2025 · Updated last year
- The God Name Server ☆36 · Feb 9, 2026 · Updated 2 weeks ago
- Mockingjay process self injection POC ☆48 · Aug 8, 2023 · Updated 2 years ago
- A Rust PoC implementation of the Early Bird process hollowing technique, inspired by https://github.com/boku7/HOLLOW. ☆31 · Feb 7, 2025 · Updated last year
- This tool exploits Golden DMSA attack against delegated Managed Service Accounts. ☆90 · Jul 15, 2025 · Updated 7 months ago
- Test AMSI Provider implementation in C# ☆42 · Dec 18, 2024 · Updated last year