MatheuZSecurity / RootkitLinks
Collection of codes focused on Linux rootkits
☆143Updated last month
Alternatives and similar repositories for Rootkit
Users that are interested in Rootkit are comparing it to the libraries listed below
Sorting:
- ElfDoor-gcc is an LD_PRELOAD that hijacks gcc to inject malicious code into binaries during linking, without touching the source code.☆117Updated 3 months ago
- BSides Prishtina 2024 Malware Development and Persistence workshop☆88Updated 2 months ago
- ☆160Updated 5 months ago
- Cheat sheet to detect and remove linux kernel rootkit☆68Updated 7 months ago
- ☆143Updated last month
- ☆67Updated 6 months ago
- Payload encoding utility to effectively lower payload entropy.☆119Updated 3 months ago
- The result of research and investigation of malware development tricks, techniques, evasion, cryptography and linux malware☆53Updated 4 months ago
- Using the Counter Strike 1.6 RCON protocol as a C2 Channel.☆81Updated 5 months ago
- Stuxnet extracted binaries by reversing & Stuxnet Rootkit Analysis☆64Updated 10 months ago
- POC exploit for CVE-2025-21333 heap-based buffer overflow. It leverages WNF state data and I/O ring IOP_MC_BUFFER_ENTRY☆196Updated 3 months ago
- Proof of concept & details for CVE-2025-21298☆188Updated 6 months ago
- Windows rootkit designed to work with BYOVD exploits☆204Updated 6 months ago
- Tools for analyzing EDR agents☆238Updated last year
- Library that eases the use of indirect syscalls. Quite interesting AV/EDR bypass as PoC.☆149Updated last week
- ☆105Updated last year
- ModTracer Finds Hidden Linux Kernel Rootkits and then make visible again.☆84Updated 5 months ago
- ☆151Updated 3 months ago
- ☆37Updated 7 months ago
- Basic reverse shell in C using socket() with complete explanation☆65Updated 2 years ago
- (0day) Local Privilege Escalation in IObit Malware Fighter☆146Updated 4 months ago
- StoneKeeper C2, an experimental EDR evasion framework for research purposes☆206Updated 7 months ago
- CVE-2024-30090 - LPE PoC☆107Updated 9 months ago
- Proof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijac…☆230Updated 9 months ago
- lib-nosa is a minimalist C library designed to facilitate socket connections through AFD driver IOCTL operations on Windows.☆113Updated 11 months ago
- Version 2 - A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders …☆103Updated 4 months ago
- RunAs Utility Credential Stealer implementing 3 techniques : Hooking CreateProcessWithLogonW, Smart Keylogging, Remote Debugging☆195Updated 5 months ago
- A Mythic Agent written in PIC C.☆196Updated 6 months ago
- ☆107Updated 9 months ago
- Command and Control (C2) framework☆128Updated 2 months ago