TheMalwareGuardian / Awesome-Bootkits-Rootkits-DevelopmentLinks
A curated compilation of extensive resources dedicated to bootkit and rootkit development.
☆69Updated 3 months ago
Alternatives and similar repositories for Awesome-Bootkits-Rootkits-Development
Users that are interested in Awesome-Bootkits-Rootkits-Development are comparing it to the libraries listed below
Sorting:
- Early work on Benthic Windows Kernel Rootkit☆54Updated last month
- Proof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijac…☆230Updated 9 months ago
- Collection of codes focused on Linux rootkits☆143Updated last month
- ☆160Updated 5 months ago
- Implementing the ghostly hollowing PE injection technique using tampered syscalls.☆168Updated 5 months ago
- Windows rootkit designed to work with BYOVD exploits☆204Updated 6 months ago
- Early Work on Abyss Windows UEFI Bootkit☆43Updated last month
- BSides Prishtina 2024 Malware Development and Persistence workshop☆88Updated 2 months ago
- Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths☆351Updated last year
- (0day) Local Privilege Escalation in IObit Malware Fighter☆146Updated 4 months ago
- ☆38Updated last year
- simple user-mode Rootkit☆105Updated 2 years ago
- The result of research and investigation of malware development tricks, techniques, evasion, cryptography and linux malware☆53Updated 4 months ago
- Windows x64 kernel mode rootkit process hollowing POC.☆191Updated 2 years ago
- kernel-mode DLL Injector☆103Updated 3 months ago
- lib-nosa is a minimalist C library designed to facilitate socket connections through AFD driver IOCTL operations on Windows.☆113Updated 11 months ago
- kernel callback removal (Bypassing EDR Detections)☆184Updated 4 months ago
- ElfDoor-gcc is an LD_PRELOAD that hijacks gcc to inject malicious code into binaries during linking, without touching the source code.☆118Updated 3 months ago
- Admin to Kernel code execution using the KSecDD driver☆253Updated last year
- Injecting DLL into LSASS at boot☆132Updated 3 months ago
- The following two code samples can be used to understand the difference between direct syscalls and indirect syscalls☆202Updated last year
- ☆345Updated last month
- Using the Counter Strike 1.6 RCON protocol as a C2 Channel.☆81Updated 5 months ago
- A dynamic unpacking tool☆140Updated last year
- This comprehensive and central repository is designed for cybersecurity enthusiasts, researchers, and professionals seeking to stay ahead…☆125Updated 2 months ago
- Hooking KPRCB IdlePreselect function to gain execution inside PID 0.☆65Updated 3 months ago
- Windows syscall SDK with dynamic offset resolution, validation, obfuscation, and multi language bindings. Bypass API hooks across differe…☆37Updated last week
- Another approach of Threadless injection discovered by @_EthicalChaos_ in c that loads a module into the target process and stomps it, an…☆180Updated 2 years ago
- Patching "signtool.exe" to accept expired certificates for code-signing.☆284Updated last year
- "Service-less" driver loading☆158Updated 8 months ago