This repository contains Loadable Kernel Modules (LKM) and LD_PRELOAD-based modules designed for penetration testing, red teaming, and security research. These tools enable advanced techniques like process hiding, syscall hooking, and runtime application manipulation.
☆13Feb 15, 2025Updated last year
Alternatives and similar repositories for RootKit
Users that are interested in RootKit are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Windows security research toolkit for LPE, persistence, COM hijacking, and attack surface enumeration.☆199Jun 13, 2026Updated 2 weeks ago
- Tools for attacking Computer Use Agents☆32Jan 16, 2026Updated 5 months ago
- Evasive shellcode loader with indirect syscalls, Thread name-calling allocation, PoolParty injection☆10Feb 26, 2025Updated last year
- Collection of codes focused on Linux rootkits☆213Oct 22, 2025Updated 8 months ago
- Super performant RAG pipeline for AI apps.☆17Mar 10, 2024Updated 2 years ago
- GPU virtual machines on DigitalOcean Gradient AI • AdGet to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
- This is a VxLAN PoC code for Talks: From Spoofing to Tunneling: New Red Team's Networking Techniques for Initial Access and Evasion☆32Jul 21, 2025Updated 11 months ago
- One-header configurable C++20 COFF loader☆21Jul 21, 2025Updated 11 months ago
- Certipy in Docker☆13Mar 28, 2024Updated 2 years ago
- ☆26Dec 31, 2025Updated 6 months ago
- ASPX ShellCode Loader☆54Jan 27, 2024Updated 2 years ago
- iPhoneTracker port to Linux☆18Apr 22, 2011Updated 15 years ago
- My dotfiles for Linux boxes☆58Jun 12, 2026Updated 2 weeks ago
- Event Tracing for Windows EDR bypass in Rust (usermode)☆41Jun 9, 2024Updated 2 years ago
- reverse proxy server☆20Jul 7, 2016Updated 9 years ago
- Serverless GPU API endpoints on Runpod - Get Bonus Credits • AdSkip the infrastructure headaches. Auto-scaling, pay-as-you-go, no-ops approach lets you focus on innovating your application.
- Short Python script for parsing Defender VDM signature files.☆10Sep 22, 2024Updated last year
- use python on windows with full submodule support without installation☆30Jan 23, 2025Updated last year
- A tool that bypasses Windows Defender by manually loading DLLs, parsing EAT directly, and updating IAT with unhooked functions to run M…☆21Jul 14, 2024Updated last year
- ShellcodeFluctuation PoC ported to Nim☆77Oct 14, 2022Updated 3 years ago
- Windows Shell Link (LNK) Proof of Concept☆16Jul 19, 2025Updated 11 months ago
- Public exploits☆16May 28, 2018Updated 8 years ago
- Tamper Active Directory user attributes to collect their hashes with MS-SNTP☆65Jan 21, 2025Updated last year
- Draugnet is a lightweight, open-source tool for anonymous cyber threat reporting. Built for the MISP ecosystem, it lets users submit and …☆20Jun 16, 2026Updated 2 weeks ago
- Exploit systems using older WinRAR without knowing their username (unlike other projects)☆36Aug 17, 2025Updated 10 months ago
- GPU virtual machines on DigitalOcean Gradient AI • AdGet to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
- A Rust-based dropper for shellcode payloads.☆72Mar 21, 2025Updated last year
- 使用kcp实现的socks5正向代理☆12Dec 9, 2023Updated 2 years ago
- My POC implementation of HVNC (Hidden VNC / Hidden Desktop)☆28Dec 30, 2024Updated last year
- ☆27Aug 11, 2025Updated 10 months ago
- C# DInvoke Shellcode Runner☆31Feb 10, 2025Updated last year
- Signature finder (from PE-bear)☆40Jun 5, 2026Updated 3 weeks ago
- Transfer file over Dns☆10Nov 26, 2024Updated last year
- A ring0 Loadable Kernel Module (Linux) to log all commnds run on the system.☆17Jun 24, 2026Updated last week
- Using Just In Time (JIT) instruction decryption, this shellcode loader ensures that only the currently executing instruction is visible i…☆66Apr 2, 2025Updated last year
- Wordpress hosting with auto-scaling - Free Trial Offer • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability☆24Feb 5, 2025Updated last year
- Scans a list of raccoon servers from Tria.ge and extracts the config☆15Jun 5, 2023Updated 3 years ago
- Docker container for running CobaltStrike 4.7 and above☆25Mar 20, 2025Updated last year
- ☆30Jun 18, 2025Updated last year
- A Rust version of Mirage, a PoC memory evasion technique that relies on a vulnerable VBS enclave to hide shellcode within VTL1.☆39Mar 6, 2025Updated last year
- Implementing an early exception handler for hooking and threadless process injection without relying on VEH or SEH☆138Aug 31, 2025Updated 10 months ago
- Obfuscate specific windows apis with different apis☆12Jul 31, 2024Updated last year