TheMalwareGuardian / Awesome-Bootkits-Rootkits-DevelopmentLinks
A curated compilation of extensive resources dedicated to bootkit and rootkit development.
☆107Updated last month
Alternatives and similar repositories for Awesome-Bootkits-Rootkits-Development
Users that are interested in Awesome-Bootkits-Rootkits-Development are comparing it to the libraries listed below
Sorting:
- Early work on Benthic Windows Kernel Rootkit☆55Updated last month
- Proof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijac…☆232Updated 10 months ago
- Collection of codes focused on Linux rootkits☆154Updated this week
- Windows rootkit designed to work with BYOVD exploits☆206Updated 8 months ago
- ☆161Updated 6 months ago
- Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths☆352Updated last year
- (0day) Local Privilege Escalation in IObit Malware Fighter☆154Updated 5 months ago
- BSides Prishtina 2024 Malware Development and Persistence workshop☆98Updated 3 months ago
- Early Work on Abyss Windows UEFI Bootkit☆43Updated last month
- The following two code samples can be used to understand the difference between direct syscalls and indirect syscalls☆210Updated last year
- Admin to Kernel code execution using the KSecDD driver☆257Updated last year
- Injecting DLL into LSASS at boot☆138Updated 4 months ago
- kernel callback removal (Bypassing EDR Detections)☆190Updated 6 months ago
- This comprehensive and central repository is designed for cybersecurity enthusiasts, researchers, and professionals seeking to stay ahead…☆131Updated 4 months ago
- ☆357Updated 3 months ago
- ElfDoor-gcc is an LD_PRELOAD that hijacks gcc to inject malicious code into binaries during linking, without touching the source code.☆123Updated 5 months ago
- Windows x64 kernel mode rootkit process hollowing POC.☆189Updated 2 years ago
- Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region.☆288Updated last year
- lib-nosa is a minimalist C library designed to facilitate socket connections through AFD driver IOCTL operations on Windows.☆114Updated last year
- ☆37Updated last year
- LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time.☆316Updated last year
- Write-ups and proof of concepts of design and implementaion of various modern malwares.☆29Updated 2 years ago
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.☆354Updated 7 months ago
- A new technique that can be used to bypass memory scanners. This can be useful in hiding problematic code (such as reflective loaders imp…☆330Updated 11 months ago
- POC exploit for CVE-2025-21333 heap-based buffer overflow. It leverages WNF state data and I/O ring IOP_MC_BUFFER_ENTRY☆217Updated 5 months ago
- Sleep obfuscation☆238Updated 9 months ago
- Activation Context Hijack☆165Updated last month
- ☆265Updated 2 years ago
- Cybersecurity research results. Simple C/C++ and Python implementations☆255Updated last week
- simple user-mode Rootkit☆106Updated 2 years ago