Alternatives and similar repositories for linux-rootkits:

Users that are interested in linux-rootkits are comparing it to the libraries listed below

• milabs / kopycat
  Linux Kernel module-less implant (backdoor)
  ☆72Updated 4 years ago
• h3xduck / Umbra
  A LKM rootkit targeting 4.x and 5.x kernel versions which opens a backdoor that can spawn a reverse shell to a remote host, launch malwar…
  ☆122Updated 3 years ago
• elfmaster / linker_preloading_virus
  An example of hijacking the dynamic linker with a custom interpreter who loads and executes modular viruses
  ☆62Updated 3 years ago
• lcashdol / UPX
  A utility to fix intentionally corrupted UPX packed files.
  ☆85Updated last year
• VoidSec / Exploit-Development
  Exploit Development - Weaponized Exploit and Proof of Concepts (PoC)
  ☆220Updated last year
• waleedassar / RestrictedKernelLeaks
  ☆158Updated 3 years ago
• connormcgarr / Kernel-Exploits
  Kernel Exploits
  ☆250Updated 3 years ago
• pathtofile / bpf-hookdetect
  Dectect syscall hooking using eBPF
  ☆149Updated last year
• Error996 / bdvl
  bdvl
  ☆113Updated 3 years ago
• d3npa / freebsd-rootkits
  Exercises from Designing BSD Rootkits working in 2020 with FreeBSD 12.2
  ☆46Updated 2 years ago
• Sentinel-One / peafl64
  Static Binary Instrumentation tool for Windows x64 executables
  ☆198Updated last month
• ayoubfaouzi / linux-kernel
  Linux kernel internals' notes
  ☆19Updated 7 months ago
• reveng007 / reveng_rtkit
  Linux Loadable Kernel Module (LKM) based rootkit (ring-0), capable of hiding itself, processes/implants, rmmod proof, has ability to bypa…
  ☆247Updated last year
• Notselwyn / netkit
  Linux rootkit for educational purposes
  ☆30Updated 11 months ago
• ChrisTheCoolHut / Linux_kernel_exploitation
  https://breaking-bits.gitbook.io/breaking-bits/exploit-development/linux-kernel-exploit-development
  ☆42Updated 3 years ago
• milabs / kjector
  Code injection from Linux kernel to a process
  ☆19Updated last year
• IridiumXOR / uclibc-sig
  IDA SIG files for multiarch uClibc library
  ☆38Updated 6 years ago
• arnaugamez / talks
  Slides, recordings and materials of my public presentations, talks and workshops.
  ☆75Updated this week
• raminfp / basic-windows-kernel-programming
  Windows Kernel Programming
  ☆124Updated 4 years ago
• Sauercloud / RWCTF21-VirtualBox-61-escape
  0day VirtualBox 6.1.2 Escape for RealWorld CTF 2020/2021 CVE-2021-2119
  ☆139Updated 4 years ago
• W3ndige / linux-process-injection
  Proof of concept for injecting simple shellcode via ptrace into a running process.
  ☆69Updated 2 years ago
• binarly-io / Research_Publications
  ☆118Updated 3 weeks ago
• RITRedteam / goofkit
  In line function hooking LKM rootkit
  ☆51Updated 5 years ago
• yrp604 / bochscpu
  ☆78Updated last month
• Signal-Labs / IOCTLDump
  ☆142Updated last year
• SilentVoid13 / Silent_Packer
  An ELF / PE binary packer written in pure C, made for fun
  ☆86Updated 11 months ago
• Velocidex / Linpmem
  Linpmem is a linux memory acquisition tool
  ☆78Updated 10 months ago
• NozomiNetworks / upx-recovery-tool
  ☆101Updated 2 years ago
• therealdreg / nasm_linux_x86_64_pure_sharedlib
  NASM Linux x86_64 pure (no deps) shared library (.so), POC for Reflective ELF SO injection
  ☆29Updated last year
• linuxthor / rkspotter
  Rootkit spotter - experimental Linux rootkit finder LKM
  ☆27Updated 4 years ago