MatheuZSecurity/detect-lkm-rootkit-cheatsheet external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

MatheuZSecurity/detect-lkm-rootkit-cheatsheet

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/MatheuZSecurity/detect-lkm-rootkit-cheatsheet)

Close

MatheuZSecurity / detect-lkm-rootkit-cheatsheetView on GitHubMore

• External links
• Readme badge

Cheat sheet to detect and remove linux kernel rootkit

☆83Dec 16, 2024Updated last year

Alternatives and similar repositories for detect-lkm-rootkit-cheatsheet

Users that are interested in detect-lkm-rootkit-cheatsheet are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• MatheuZSecurity / Rootkit

  View on GitHub
  Collection of codes focused on Linux rootkits
  ☆212Oct 22, 2025Updated 7 months ago
• MatheuZSecurity / Imperius

  View on GitHub
  Make an Linux Kernel rootkit visible again.
  ☆60Feb 27, 2025Updated last year
• R41N3RZUF477 / CVE-2023-41772

  View on GitHub
  ☆14Dec 24, 2023Updated 2 years ago
• ACE-Responder / rpcfirewall-extended-telemetry

  View on GitHub
  ☆16May 3, 2024Updated 2 years ago
• MatheuZSecurity / ksentinel

  View on GitHub
  Linux kernel integrity monitor for detecting syscall hooking
  ☆85Feb 16, 2026Updated 3 months ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
• MatheuZSecurity / Infector

  View on GitHub
  This is a simple process injection made in C for Linux systems
  ☆30Sep 23, 2023Updated 2 years ago
• lil-skelly / basilisk

  View on GitHub
  ☆21Mar 22, 2025Updated last year
• MatheuZSecurity / UnhookingLinuxEdr

  View on GitHub
  Attacking the cleanup_module function of a kernel module
  ☆60Jun 30, 2025Updated 11 months ago
• DualHorizon / blackpill

  View on GitHub
  A Linux kernel rootkit in Rust using a custom made type-2 hypervisor, eBPF XDP and TC programs
  ☆340Feb 27, 2026Updated 3 months ago
• zimnyaa / LEOPARDSEAL

  View on GitHub
  A simple Linux in-memory .so loader
  ☆34Mar 29, 2023Updated 3 years ago
• MatheuZSecurity / ModTracer

  View on GitHub
  ModTracer Finds Hidden Linux Kernel Rootkits and then make visible again.
  ☆87Feb 28, 2025Updated last year
• Invoke-RE / community-malware-research

  View on GitHub
  A repository to store community malware research notes and findings.
  ☆16Feb 13, 2026Updated 3 months ago
• ulexec / ElfLocker

  View on GitHub
  PoC multi-layer protector for ELF32 x86 binaries
  ☆12Feb 26, 2022Updated 4 years ago
• intel / vmsifter

  View on GitHub
  Framework for in-VM test execution and monitoring, inspired by Sandsifter
  ☆16Apr 14, 2026Updated last month
• Deploy on Railway without the complexity - Free Credits Offer • Ad
  Connect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
• t-tani / defender2yara

  View on GitHub
  Convert Microsoft Defender Antivirus Signatures (VDM) into YARA rules
  ☆194Updated this week
• sandflysecurity / sandfly-file-decloak

  View on GitHub
  Decloak Linux stealth rootkits hiding data with this simple memory mapped IO investigation tool.
  ☆29Sep 29, 2025Updated 8 months ago
• 0xTriboulet / Abomination

  View on GitHub
  A synergized Visual Studio and Rust development environment
  ☆19Jan 25, 2025Updated last year
• mochabyte0x / TrampoLatte

  View on GitHub
  A proof of concept AMSI & ETW bypass using trampolines for hooking and modifying execution flow
  ☆19Jun 26, 2025Updated 11 months ago
• wightsci / MessageTableReader

  View on GitHub
  Read Windows message table entries.
  ☆11Feb 5, 2023Updated 3 years ago
• ColeHouston / Sunder

  View on GitHub
  Windows rootkit designed to work with BYOVD exploits
  ☆221Jan 18, 2025Updated last year
• wetw0rk / wetw0rk.github.io

  View on GitHub
  ☆20Jan 14, 2026Updated 4 months ago
• Permiso-io-tools / capiche

  View on GitHub
  ☆18Feb 2, 2026Updated 3 months ago
• SEU-ProactiveSecurity-Group / LLM-PD

  View on GitHub
  Official code for the paper entitled "Toward Intelligent and Secure Cloud: Large Language Model Empowered Proactive Defense"
  ☆16Apr 10, 2025Updated last year
• AI Agents on DigitalOcean Gradient AI Platform • Ad
  Build production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
• brosck / Frosty

  View on GitHub
  「🧊」Ring 3 Rootkit for Windows 10
  ☆63Dec 7, 2024Updated last year
• duck-sec / CVE-2023-28252-Compiled-exe

  View on GitHub
  A modification to fortra's CVE-2023-28252 exploit, compiled to exe
  ☆55Jan 24, 2024Updated 2 years ago
• Sec42 / teams-decoder

  View on GitHub
  Extract messages from a local Microsoft Teams installation
  ☆15Jan 14, 2023Updated 3 years ago
• pard0p / LibWinHttp

  View on GitHub
  LibWinHttp is a simplified WinHTTP wrapper designed as a Crystal Palace shared library for implant development. Its primary purpose is to…
  ☆45Nov 4, 2025Updated 6 months ago
• binaryninja / Malware-Knowledge-Graph

  View on GitHub
  Create malware knowledge graphs from analysis reports
  ☆40Dec 6, 2023Updated 2 years ago
• janekfleper / typst-fancy-units

  View on GitHub
  Format numbers and units with style
  ☆25Mar 28, 2026Updated 2 months ago
• joxeankoret / diaphora-ml

  View on GitHub
  Diaphora Machine Learning tools and datasets
  ☆23Sep 23, 2024Updated last year
• MatheuZSecurity / D3m0n1z3dShell

  View on GitHub
  Demonized Shell is an Advanced Tool for persistence in linux.
  ☆451Jan 5, 2025Updated last year
• 0xflux / ETW-Bypass-Rust

  View on GitHub
  Event Tracing for Windows EDR bypass in Rust (usermode)
  ☆41Jun 9, 2024Updated last year
• AI Agents on DigitalOcean Gradient AI Platform • Ad
  Build production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
• MNEMO-CERT / PoC--CVE-2019-10149_Exim

  View on GitHub
  PoC for CVE-2019-10149, this vulnerability could be xploited betwen 4-87 to 4.91 version of Exim server.
  ☆14Jun 18, 2019Updated 6 years ago
• captainGeech42 / implant.js

  View on GitHub
  Proof-of-concept modular implant platform leveraging v8
  ☆55Mar 4, 2025Updated last year
• its-a-feature / macOSCameraCapture

  View on GitHub
  Simple CLI utility to save off an image from every webcam hooked into a mac
  ☆14May 20, 2021Updated 5 years ago
• roadwy / Record

  View on GitHub
  ☆16May 22, 2014Updated 12 years ago
• som3canadian / Mythic_NimSyscallPacker_Wrapper

  View on GitHub
  Mythic C2 wrapper for NimSyscallPacker
  ☆26Mar 12, 2025Updated last year
• securelayer7 / not-a-vuln-list

  View on GitHub
  Top 2025 Vulnerabilities You Shouldn’t Accept in a Pentest Report
  ☆14Feb 6, 2025Updated last year
• roadwy / DefenderYara

  View on GitHub
  Extracted Yara rules from Windows Defender mpavbase and mpasbase
  ☆531May 14, 2026Updated 2 weeks ago