MatheuZSecurity/detect-lkm-rootkit-cheatsheet external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

MatheuZSecurity/detect-lkm-rootkit-cheatsheet

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/MatheuZSecurity/detect-lkm-rootkit-cheatsheet)

Close

MatheuZSecurity / detect-lkm-rootkit-cheatsheetView on GitHubMore

• External links
• Readme badge

Cheat sheet to detect and remove linux kernel rootkit

☆80Dec 16, 2024Updated last year

Alternatives and similar repositories for detect-lkm-rootkit-cheatsheet

Users that are interested in detect-lkm-rootkit-cheatsheet are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• MatheuZSecurity / Rootkit

  View on GitHub
  Collection of codes focused on Linux rootkits
  ☆204Oct 22, 2025Updated 5 months ago
• MatheuZSecurity / Imperius

  View on GitHub
  Make an Linux Kernel rootkit visible again.
  ☆59Feb 27, 2025Updated last year
• R41N3RZUF477 / CVE-2023-41772

  View on GitHub
  ☆14Dec 24, 2023Updated 2 years ago
• ksen-lin / nitara2

  View on GitHub
  yet another hidden LKM hunter
  ☆32Sep 18, 2025Updated 7 months ago
• ACE-Responder / rpcfirewall-extended-telemetry

  View on GitHub
  ☆15May 3, 2024Updated last year
• GPUs on demand by Runpod - Special Offer Available • Ad
  Run AI, ML, and HPC workloads on powerful cloud GPUs—without limits or wasted spend. Deploy GPUs in under a minute and pay by the second.
• MatheuZSecurity / ksentinel

  View on GitHub
  Linux kernel integrity monitor for detecting syscall hooking
  ☆85Feb 16, 2026Updated 2 months ago
• Trevohack / R0DDY

  View on GitHub
  A ring0 Loadable Kernel Module (Linux) to log all commnds run on the system.
  ☆17Sep 30, 2025Updated 6 months ago
• MatheuZSecurity / Infector

  View on GitHub
  This is a simple process injection made in C for Linux systems
  ☆29Sep 23, 2023Updated 2 years ago
• MatheuZSecurity / UnhookingLinuxEdr

  View on GitHub
  Attacking the cleanup_module function of a kernel module
  ☆56Jun 30, 2025Updated 9 months ago
• lil-skelly / basilisk

  View on GitHub
  ☆19Mar 22, 2025Updated last year
• DualHorizon / blackpill

  View on GitHub
  A Linux kernel rootkit in Rust using a custom made type-2 hypervisor, eBPF XDP and TC programs
  ☆339Feb 27, 2026Updated last month
• MatheuZSecurity / ModTracer

  View on GitHub
  ModTracer Finds Hidden Linux Kernel Rootkits and then make visible again.
  ☆86Feb 28, 2025Updated last year
• Invoke-RE / community-malware-research

  View on GitHub
  A repository to store community malware research notes and findings.
  ☆15Feb 13, 2026Updated 2 months ago
• ulexec / ElfLocker

  View on GitHub
  PoC multi-layer protector for ELF32 x86 binaries
  ☆12Feb 26, 2022Updated 4 years ago
• Managed Kubernetes at scale on DigitalOcean • Ad
  DigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
• intel / vmsifter

  View on GitHub
  Framework for in-VM test execution and monitoring, inspired by Sandsifter
  ☆15Updated this week
• t-tani / defender2yara

  View on GitHub
  Convert Microsoft Defender Antivirus Signatures (VDM) into YARA rules
  ☆185Updated this week
• 0xTriboulet / Abomination

  View on GitHub
  A synergized Visual Studio and Rust development environment
  ☆19Jan 25, 2025Updated last year
• mochabyte0x / TrampoLatte

  View on GitHub
  A proof of concept AMSI & ETW bypass using trampolines for hooking and modifying execution flow
  ☆18Jun 26, 2025Updated 9 months ago
• wightsci / MessageTableReader

  View on GitHub
  Read Windows message table entries.
  ☆11Feb 5, 2023Updated 3 years ago
• brosck / Frosty

  View on GitHub
  「🧊」Ring 3 Rootkit for Windows 10
  ☆60Dec 7, 2024Updated last year
• wetw0rk / wetw0rk.github.io

  View on GitHub
  ☆20Jan 14, 2026Updated 3 months ago
• Permiso-io-tools / capiche

  View on GitHub
  ☆18Feb 2, 2026Updated 2 months ago
• SEU-ProactiveSecurity-Group / LLM-PD

  View on GitHub
  Official code for the paper entitled "Toward Intelligent and Secure Cloud: Large Language Model Empowered Proactive Defense"
  ☆16Apr 10, 2025Updated last year
• Simple, predictable pricing with DigitalOcean hosting • Ad
  Always know what you'll pay with monthly caps and flat pricing. Enterprise-grade infrastructure trusted by 600k+ customers.
• BushidoUK / Ransomware-Vulnerability-Matrix

  View on GitHub
  A collection of CVEs weaponized by ransomware operators
  ☆129Oct 13, 2025Updated 6 months ago
• duck-sec / CVE-2023-28252-Compiled-exe

  View on GitHub
  A modification to fortra's CVE-2023-28252 exploit, compiled to exe
  ☆54Jan 24, 2024Updated 2 years ago
• Sec42 / teams-decoder

  View on GitHub
  Extract messages from a local Microsoft Teams installation
  ☆15Jan 14, 2023Updated 3 years ago
• binaryninja / Malware-Knowledge-Graph

  View on GitHub
  Create malware knowledge graphs from analysis reports
  ☆40Dec 6, 2023Updated 2 years ago
• HulkOperator / AuthStager

  View on GitHub
  ☆60Oct 24, 2024Updated last year
• janekfleper / typst-fancy-units

  View on GitHub
  Format numbers and units with style
  ☆26Mar 28, 2026Updated 3 weeks ago
• antman1p / JXA_Proc_Tree

  View on GitHub
  A JXA script for enumerating running processes, printed out in a json, parent-child tree.
  ☆14Jan 28, 2022Updated 4 years ago
• joxeankoret / diaphora-ml

  View on GitHub
  Diaphora Machine Learning tools and datasets
  ☆23Sep 23, 2024Updated last year
• MatheuZSecurity / D3m0n1z3dShell

  View on GitHub
  Demonized Shell is an Advanced Tool for persistence in linux.
  ☆445Jan 5, 2025Updated last year
• Managed Kubernetes at scale on DigitalOcean • Ad
  DigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
• captainGeech42 / implant.js

  View on GitHub
  Proof-of-concept modular implant platform leveraging v8
  ☆54Mar 4, 2025Updated last year
• its-a-feature / macOSCameraCapture

  View on GitHub
  Simple CLI utility to save off an image from every webcam hooked into a mac
  ☆14May 20, 2021Updated 4 years ago
• 0xe7 / EventSniper

  View on GitHub
  ☆20Nov 6, 2023Updated 2 years ago
• som3canadian / Mythic_NimSyscallPacker_Wrapper

  View on GitHub
  Mythic C2 wrapper for NimSyscallPacker
  ☆25Mar 12, 2025Updated last year
• securelayer7 / not-a-vuln-list

  View on GitHub
  Top 2025 Vulnerabilities You Shouldn’t Accept in a Pentest Report
  ☆14Feb 6, 2025Updated last year
• LETHAL-FORENSICS / macos-collector

  View on GitHub
  macos-collector - Automated Collection of macOS Forensic Artifacts for DFIR
  ☆41Updated this week
• roadwy / DefenderYara

  View on GitHub
  Extracted Yara rules from Windows Defender mpavbase and mpasbase
  ☆517Dec 22, 2025Updated 3 months ago