Collection of codes focused on Linux rootkits
☆198Oct 22, 2025Updated 4 months ago
Alternatives and similar repositories for Rootkit
Users that are interested in Rootkit are comparing it to the libraries listed below
Sorting:
- Cheat sheet to detect and remove linux kernel rootkit☆78Dec 16, 2024Updated last year
- Kernel module that allows hiding files in any filesystem☆23Dec 20, 2024Updated last year
- ModTracer Finds Hidden Linux Kernel Rootkits and then make visible again.☆86Feb 28, 2025Updated last year
- Make an Linux Kernel rootkit visible again.☆59Feb 27, 2025Updated last year
- Windows rootkit designed to work with BYOVD exploits☆216Jan 18, 2025Updated last year
- Shellcode loader written in C and Assembly utilizing direct or indirect syscalls for evading EDR hooks☆137Dec 22, 2024Updated last year
- ElfDoor-gcc is an LD_PRELOAD that hijacks gcc to inject malicious code into binaries during linking, without touching the source code.☆133Apr 13, 2025Updated 10 months ago
- A Linux kernel rootkit in Rust using a custom made type-2 hypervisor, eBPF XDP and TC programs☆337Jun 23, 2025Updated 8 months ago
- Attacking the cleanup_module function of a kernel module☆57Jun 30, 2025Updated 8 months ago
- Shellcode encryptor using a substitution cipher with a randomly generated key.☆141Jan 18, 2025Updated last year
- Linux kernel integrity monitor for detecting syscall hooking☆64Feb 16, 2026Updated last week
- Red-Team LKM☆637Dec 16, 2025Updated 2 months ago
- This repository contains Loadable Kernel Modules (LKM) and LD_PRELOAD-based modules designed for penetration testing, red teaming, and se…☆13Feb 15, 2025Updated last year
- Thats it! An Open-Source Windows UEFI Rootkit☆28Jul 19, 2025Updated 7 months ago
- Demonized Shell is an Advanced Tool for persistence in linux.☆437Jan 5, 2025Updated last year
- A truly Position Independent Code (PIC) NimPlant C2 beacon written in C, without reflective loading.☆67Feb 11, 2025Updated last year
- NyxInvoke is a Rust CLI tool for running .NET assemblies, PowerShell, and BOFs with Patchless AMSI and ETW bypass features. with Dual-bui…☆232Feb 12, 2025Updated last year
- ☆409Dec 8, 2024Updated last year
- Stage 0☆169Dec 18, 2024Updated last year
- Red teaming tool to dump LSASS memory, bypassing basic countermeasures.☆246Nov 2, 2025Updated 3 months ago
- Dll injection through code page id modification in registry. Based on jonas lykk research☆17Jun 18, 2022Updated 3 years ago
- Rust Linux Kernel Module designed for LKM rootkit detection☆59Mar 12, 2025Updated 11 months ago
- ☆18Mar 22, 2025Updated 11 months ago
- Windows Kernel Rootkit in Rust☆679Oct 10, 2025Updated 4 months ago
- "Service-less" driver loading☆184Nov 28, 2024Updated last year
- Customizable Linux Persistence Tool for Security Research and Detection Engineering.☆852Mar 5, 2025Updated 11 months ago
- Proof of Concept (PoC) .NET tool for remotely killing EDR with WDAC☆423Sep 29, 2025Updated 4 months ago
- dump Chrome cookies remotely with atexec and CDP☆69Aug 10, 2024Updated last year
- 「⚔️」Ring 0 Rootkit for Linux Kernels x86/x86_64 5.x/6.x☆27Apr 10, 2025Updated 10 months ago
- A PoC for Early Cascade process injection technique.☆211Jan 30, 2025Updated last year
- ☆31Feb 28, 2025Updated 11 months ago
- In-Memory Rootkit For Linux and BSD☆87Aug 9, 2025Updated 6 months ago
- a demo module for the kaine agent to execute and inject assembly modules☆41Aug 28, 2024Updated last year
- Pack/Encrypt/Obfuscate ELF + SHELL scripts☆434Dec 9, 2025Updated 2 months ago
- Simulate the behavior of AV/EDR for malware development training.☆561Feb 15, 2024Updated 2 years ago
- An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution☆195Nov 27, 2024Updated last year
- Alternative Read and Write primitives using Rtl* functions the unintended way.☆79Aug 25, 2025Updated 6 months ago
- Leak of any user's NetNTLM hash. Fixed in KB5040434☆260Aug 13, 2024Updated last year
- Boilerplate to develop raw and truly Position Independent Code (PIC).☆117Jan 20, 2025Updated last year