Red-Team LKM
☆650May 31, 2026Updated last month
Alternatives and similar repositories for KoviD
Users that are interested in KoviD are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Linux Loadable Kernel Module (LKM) based rootkit (ring-0), capable of hiding itself, processes/implants, rmmod proof, has ability to bypa…☆272Dec 6, 2025Updated 7 months ago
- awesome-linux-rootkits☆2,073Feb 15, 2026Updated 4 months ago
- LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64)☆2,406Apr 27, 2026Updated 2 months ago
- A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.☆1,968Apr 7, 2024Updated 2 years ago
- Linux Kernel Hacking☆768Apr 10, 2024Updated 2 years ago
- GPUs on demand by Runpod - Special Offer Available • AdRun AI, ML, and HPC workloads on powerful cloud GPUs—without limits or wasted spend. Deploy GPUs in under a minute and pay by the second.
- Rootkit spotter - experimental Linux rootkit finder LKM☆30Oct 11, 2020Updated 5 years ago
- Collection of codes focused on Linux rootkits☆213Oct 22, 2025Updated 8 months ago
- A Linux kernel rootkit in Rust using a custom made type-2 hypervisor, eBPF XDP and TC programs☆341Feb 27, 2026Updated 4 months ago
- Dectect syscall hooking using eBPF☆168Apr 28, 2023Updated 3 years ago
- ModTracer Finds Hidden Linux Kernel Rootkits and then make visible again.☆87Feb 28, 2025Updated last year
- Experimental Windows x64 Kernel Rootkit with anti-rootkit evasion features.☆607Aug 2, 2025Updated 11 months ago
- The LKM rootkit working in Linux Kernels 2.6.x/3.x/4.x/5.x☆141Aug 8, 2023Updated 2 years ago
- yet another hidden LKM hunter☆33Sep 18, 2025Updated 9 months ago
- A COFF loader made in Rust☆341Mar 14, 2026Updated 3 months ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- A technique to run binaries filelessly and stealthily on Linux by "overwriting" the shell's process with another.☆889Mar 21, 2025Updated last year
- Windows Kernel Rootkit in Rust☆696Oct 10, 2025Updated 8 months ago
- Windows rootkit for Intel x64 with 25+ features, demonstrating rootkit techniques compatible with all Windows 10 and Windows 11 versions.☆2,428Jun 26, 2026Updated last week
- A tool employs direct registry manipulation to create scheduled tasks without triggering the usual event logs.☆627Jan 2, 2025Updated last year
- LD_PRELOAD Rootkit☆329Apr 5, 2025Updated last year
- Linux eBPF backdoor over TCP. Spawn reverse shells, RCE, on prior privileged access. Less Honkin, More Tonkin.☆1,673Oct 19, 2023Updated 2 years ago
- Linux Kernel module-less implant (backdoor)☆73Mar 11, 2021Updated 5 years ago
- A LKM rootkit targeting 4.x and 5.x kernel versions which opens a backdoor that can spawn a reverse shell to a remote host, launch malwar…☆134Sep 19, 2021Updated 4 years ago
- ebpfkit is a rootkit powered by eBPF☆852Feb 28, 2023Updated 3 years ago
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
- An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer☆552Feb 13, 2024Updated 2 years ago
- Linux Kernel hooking engine (x86)☆392Oct 14, 2025Updated 8 months ago
- A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfve…☆598Jun 12, 2024Updated 2 years ago
- A collection of eBPF programs demonstrating bad behavior, presented at DEF CON 29☆692Jul 7, 2024Updated 2 years ago
- Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.☆2,158May 25, 2026Updated last month
- A Rust implementation of GodPotato — abusing SeImpersonate to gain SYSTEM privileges. Includes a TCP-based reverse shell and indirect NTA…☆366Mar 17, 2026Updated 3 months ago
- Demonized Shell is an Advanced Tool for persistence in linux.☆453Jan 5, 2025Updated last year
- Realm is a cross platform Red Team engagement platform with a focus on automation and reliability.☆628Updated this week
- Load a dynamic library from memory by modifying the native Windows loader☆304May 5, 2026Updated 2 months ago
- Managed Kubernetes at scale on DigitalOcean • AdDigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
- LSASS memory dumper using only NTAPIs, creating a minimal minidump. It can be compiled as shellcode (PIC), supports XOR encryption, and r…☆387Apr 26, 2025Updated last year
- ElfDoor-gcc is an LD_PRELOAD that hijacks gcc to inject malicious code into binaries during linking, without touching the source code.☆134Apr 13, 2025Updated last year
- A memory-based evasion technique which makes shellcode invisible from process start to end.☆1,199Oct 16, 2023Updated 2 years ago
- Cobalt Strike UDRL for memory scanner evasion.☆1,020Jun 4, 2024Updated 2 years ago
- Attacking the cleanup_module function of a kernel module☆58Jun 30, 2025Updated last year
- Linux Sleep Obfuscation☆130Jan 7, 2024Updated 2 years ago
- Pack/Encrypt/Obfuscate ELF + SHELL scripts☆457Apr 11, 2026Updated 2 months ago