0xMrNiko / RootKit
This repository contains Loadable Kernel Modules (LKM) and LD_PRELOAD-based modules designed for penetration testing, red teaming, and security research. These tools enable advanced techniques like process hiding, syscall hooking, and runtime application manipulation.
☆ 14 · Updated 9 months ago
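The process hiding the description refers to is usually an LD_PRELOAD hook on readdir()/opendir() that drops numeric entries from /proc, or, from an LKM, a hook on the getdents64 syscall that does the same in the kernel. The check a defender wants is a cross-view comparison: list /proc without going through libc, then ask the kernel about every possible pid with kill(pid, 0) and see which answers are missing from the listing. The following is an added example written for this page, not code from the RootKit repository or any project listed below. It assumes Linux with /proc mounted and a readable /proc/sys/kernel/pid_max; the type and function names (raw_dirent64, find_hidden_pids, pid_listed, tgid_of) are this example's own.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/syscall.h>
#include <unistd.h>

/* getdents64 record layout (glibc does not export it under this name). */
struct raw_dirent64 {
    unsigned long long d_ino;
    long long          d_off;
    unsigned short     d_reclen;
    unsigned char      d_type;
    char               d_name[];
};

struct hidden_report { long hidden; long no_proc_entry; };

static long read_pid_max(void) {
    long v = 32768;                      /* fallback if the sysctl is unreadable */
    FILE *f = fopen("/proc/sys/kernel/pid_max", "r");
    if (f) { if (fscanf(f, "%ld", &v) != 1) v = 32768; fclose(f); }
    return v;
}

static int bit(const unsigned char *map, long pid) { return (map[pid / 8] >> (pid % 8)) & 1; }

/* Mark every numeric /proc entry in `seen`. The raw getdents64 syscall is used
 * so an LD_PRELOAD hook on readdir() cannot filter the listing; an LKM hooking
 * getdents64 still can, which is why the scan also asks the kernel via kill(). */
static int list_proc_raw(unsigned char *seen, long pid_max) {
    int fd = open("/proc", O_RDONLY | O_DIRECTORY);
    if (fd < 0) return -1;
    char buf[1 << 16];
    for (;;) {
        long n = syscall(SYS_getdents64, fd, buf, sizeof buf);
        if (n <= 0) break;               /* 0: end of directory, <0: error */
        for (long off = 0; off < n; ) {
            struct raw_dirent64 *d = (struct raw_dirent64 *)(buf + off);
            char *end;
            long pid = strtol(d->d_name, &end, 10);
            if (d->d_name[0] && *end == '\0' && pid > 0 && pid < pid_max)
                seen[pid / 8] |= (unsigned char)(1u << (pid % 8));
            off += d->d_reclen;
        }
    }
    close(fd);
    return 0;
}

/* Is pid present in a fresh raw listing of /proc? */
static int pid_listed(long pid) {
    long pid_max = read_pid_max();
    if (pid <= 0 || pid >= pid_max) return 0;
    unsigned char *seen = calloc((size_t)pid_max / 8 + 1, 1);
    int listed = seen && list_proc_raw(seen, pid_max) == 0 && bit(seen, pid);
    free(seen);
    return listed;
}

/* kill(pid, 0) delivers nothing: ESRCH means no such task, EPERM means the
 * task exists but is not ours, so both 0 and EPERM count as "alive". */
static int pid_alive(long pid) { return kill((pid_t)pid, 0) == 0 || errno == EPERM; }

/* Thread IDs also answer kill() but are never listed in /proc, so read Tgid from
 * /proc/<pid>/status to tell a thread from a hidden process (0 = unreadable). */
static long tgid_of(long pid) {
    char path[64], line[256];
    long tgid = 0;
    snprintf(path, sizeof path, "/proc/%ld/status", pid);
    FILE *f = fopen(path, "r");
    if (!f) return 0;
    while (fgets(line, sizeof line, f) && sscanf(line, "Tgid: %ld", &tgid) != 1) {}
    fclose(f);
    return tgid;
}

/* Cross-view scan. A pid that kill() says exists, that is a thread-group leader
 * by its own status file, and that is absent from two successive raw listings
 * of /proc is reported as hidden. Alive pids with no readable status file are
 * counted separately: that is what a deeper hook looks like, but it is also
 * what a hidepid= mount of /proc looks like, so they are not called hidden. */
static struct hidden_report find_hidden_pids(void) {
    struct hidden_report r = {0, 0};
    long pid_max = read_pid_max();
    unsigned char *seen = calloc((size_t)pid_max / 8 + 1, 1);
    if (!seen || list_proc_raw(seen, pid_max) < 0) { r.hidden = -1; free(seen); return r; }
    for (long pid = 1; pid < pid_max; pid++) {
        if (bit(seen, pid) || !pid_alive(pid)) continue;
        long tgid = tgid_of(pid);
        if (tgid == 0) { r.no_proc_entry++; continue; }
        if (tgid != pid) continue;       /* a thread of a listed process */
        if (pid_listed(pid)) continue;   /* started after the first listing */
        fprintf(stderr, "hidden pid %ld\n", pid);
        r.hidden++;
    }
    free(seen);
    return r;
}

int main(void) {
    struct hidden_report r = find_hidden_pids();
    if (r.hidden < 0) { perror("/proc"); return 1; }
    printf("hidden pids: %ld, alive but no /proc entry: %ld\n", r.hidden, r.no_proc_entry);
    return r.hidden > 0 ? 2 : 0;
}
```

Run it as a normal user on a clean host and both counters should be 0. An LD_PRELOAD readdir hook hides nothing from this scan, because the listing never goes through libc; an LKM hooking getdents64 hides the pid from the listing but still answers kill() and still serves /proc/<pid>/status, so it lands in `hidden`. A kernel rootkit that also filters the signal path or the /proc lookup defeats this particular check, which is the reason such scans are combined with other views (network sockets, /proc/<pid>/task of known processes, scheduler statistics) rather than relied on alone.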
Alternatives and similar repositories for RootKit
Users that are interested in RootKit are comparing it to the libraries listed below
- Version 2 - A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders … (☆ 101 · Updated 7 months ago)
- Bypass user-land hooks by syscall tampering via the Trap Flag (☆ 131 · Updated 2 months ago)
- This project is an implant framework designed for long term persistent access to Windows machines. (☆ 110 · Updated 2 years ago)
- Collection of red team techniques. (☆ 62 · Updated 6 months ago)
- A command and control framework. (☆ 55 · Updated 10 months ago)
- BSides Prishtina 2024 Malware Development and Persistence workshop (☆ 113 · Updated 5 months ago)
- Early cascade injection PoC based on Outflank's blog post, written in Rust (☆ 59 · Updated 9 months ago)
- Shellcode loader using direct syscalls via Hell's Gate and payload encryption. (☆ 98 · Updated last year)
- Using Just In Time (JIT) instruction decryption, this shellcode loader ensures that only the currently executing instruction is visible i… (☆ 53 · Updated 7 months ago)
- Windows AppLocker Driver (appid.sys) LPE (☆ 67 · Updated last year)
- Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials (☆ 60 · Updated 6 months ago)
- Attacking the cleanup_module function of a kernel module (☆ 52 · Updated 4 months ago)
- Implementing an early exception handler for hooking and threadless process injection without relying on VEH or SEH (☆ 129 · Updated 2 months ago)
- Create Anti-Copy DRM Malware (☆ 68 · Updated last year)
- Modern PIC implant for Windows (64 & 32 bit) (☆ 104 · Updated 3 months ago)
- Dynamic shellcode loader with sophisticated evasion capabilities (☆ 253 · Updated last month)
- T-1 is a shellcode loader that leverages ML techniques to detect VM environments (☆ 35 · Updated last year)
- Bypasses AMSI protection through remote memory patching and parsing technique. (☆ 52 · Updated 6 months ago)
- 「⚠️」Performing a BYOVD on the truesight.sys driver (☆ 44 · Updated 11 months ago)
- Demoting PPL anti-malware services to less than a guest user (☆ 63 · Updated 9 months ago)
- A 64-bit, position-independent code reverse TCP shell for Windows, built in Rust. (☆ 84 · Updated 6 months ago)
- Malleable shellcode loader written in C and Assembly utilizing direct or indirect syscalls for evading EDR hooks (☆ 129 · Updated 10 months ago)
- C++ Staged Shellcode Loader with Evasion capabilities. (☆ 98 · Updated last year)
- Indirect Syscall implementation to bypass userland NTAPIs hooking. (☆ 84 · Updated last year)
- A Rust PoC implementation of the Early Bird process hollowing technique, inspired by https://github.com/boku7/HOLLOW. (☆ 30 · Updated 9 months ago)
- A collection of position independent coding resources (☆ 94 · Updated 2 months ago)
- Windows User-Mode Shellcode Development Framework (WUMSDF) (☆ 74 · Updated this week)
- A bunch of scripts and code I wrote. (☆ 144 · Updated last year)
- A small How-To on creating your own weaponized WSL file (☆ 117 · Updated 3 months ago)
- A lightweight tool that injects a custom assembly proxy into a target process to silently bypass AMSI scanning by redirecting AmsiScanBuf… (☆ 61 · Updated 6 months ago)