Collection of codes focused on Linux rootkits
☆203Oct 22, 2025Updated 4 months ago
Alternatives and similar repositories for Rootkit
Users that are interested in Rootkit are comparing it to the libraries listed below
Sorting:
- Cheat sheet to detect and remove linux kernel rootkit☆78Dec 16, 2024Updated last year
- This repository contains Loadable Kernel Modules (LKM) and LD_PRELOAD-based modules designed for penetration testing, red teaming, and se…☆13Feb 15, 2025Updated last year
- Windows rootkit designed to work with BYOVD exploits☆217Jan 18, 2025Updated last year
- Kernel module that allows hiding files in any filesystem☆24Dec 20, 2024Updated last year
- Make an Linux Kernel rootkit visible again.☆59Feb 27, 2025Updated last year
- ModTracer Finds Hidden Linux Kernel Rootkits and then make visible again.☆86Feb 28, 2025Updated last year
- A Linux kernel rootkit in Rust using a custom made type-2 hypervisor, eBPF XDP and TC programs☆338Feb 27, 2026Updated 3 weeks ago
- Linux kernel integrity monitor for detecting syscall hooking☆81Feb 16, 2026Updated last month
- ElfDoor-gcc is an LD_PRELOAD that hijacks gcc to inject malicious code into binaries during linking, without touching the source code.☆133Apr 13, 2025Updated 11 months ago
- Attacking the cleanup_module function of a kernel module☆56Jun 30, 2025Updated 8 months ago
- Shellcode loader written in C and Assembly utilizing direct or indirect syscalls to evade UM EDR hooks☆139Dec 22, 2024Updated last year
- Dll injection through code page id modification in registry. Based on jonas lykk research☆17Jun 18, 2022Updated 3 years ago
- An x64 binary executing code that's not inside of it.☆17Feb 28, 2023Updated 3 years ago
- Red-Team LKM☆636Dec 16, 2025Updated 3 months ago
- Demonized Shell is an Advanced Tool for persistence in linux.☆443Jan 5, 2025Updated last year
- Stage 0☆169Dec 18, 2024Updated last year
- This is a simple process injection made in C for Linux systems☆30Sep 23, 2023Updated 2 years ago
- dump Chrome cookies remotely with atexec and CDP☆69Aug 10, 2024Updated last year
- ☆410Dec 8, 2024Updated last year
- Thats it! An Open-Source Windows UEFI Rootkit☆29Jul 19, 2025Updated 8 months ago
- ☆18Mar 22, 2025Updated 11 months ago
- A truly Position Independent Code (PIC) NimPlant C2 beacon written in C, without reflective loading.☆67Feb 11, 2025Updated last year
- NyxInvoke is a Rust CLI tool for running .NET assemblies, PowerShell, and BOFs with Patchless AMSI and ETW bypass features. with Dual-bui…☆234Feb 12, 2025Updated last year
- Rust Linux Kernel Module designed for LKM rootkit detection☆60Mar 12, 2025Updated last year
- Red teaming tool to dump LSASS memory, bypassing basic countermeasures.☆246Mar 9, 2026Updated last week
- ☆31Feb 28, 2025Updated last year
- Shellcode encryptor using a substitution cipher with a randomly generated key.☆142Jan 18, 2025Updated last year
- A PoC for Early Cascade process injection technique.☆214Jan 30, 2025Updated last year
- ☆29Sep 4, 2024Updated last year
- Stealthy Linux Kernel Rootkit for modern kernels (6x)☆1,520Feb 26, 2026Updated 3 weeks ago
- Userland exec PoC to be used as attack vector technique☆96Oct 23, 2025Updated 4 months ago
- Proof of Concept (PoC) .NET tool for remotely killing EDR with WDAC☆424Sep 29, 2025Updated 5 months ago
- C2 Agent fully PIC for Mythic with advanced evasion capabilities, dotnet/powershell/shellcode/bof memory executions, lateral moviments, p…☆200Dec 30, 2025Updated 2 months ago
- ☆159Dec 13, 2024Updated last year
- a demo module for the kaine agent to execute and inject assembly modules☆41Aug 28, 2024Updated last year
- Boilerplate to develop raw and truly Position Independent Code (PIC).☆117Jan 20, 2025Updated last year
- Alternative Read and Write primitives using Rtl* functions the unintended way.☆79Aug 25, 2025Updated 6 months ago
- A fucking real shellcode loader with a GUI. Work-in-Progress.☆82Jun 25, 2025Updated 8 months ago
- ☆25Dec 3, 2024Updated last year