carloslack / KoviD
Red-Team LKM
☆633 · Dec 16, 2025 · Updated 2 months ago
Alternatives and similar repositories for KoviD
Users that are interested in KoviD are comparing it to the libraries listed below
- Linux Loadable Kernel Module (LKM) based rootkit (ring-0), capable of hiding itself, processes/implants, rmmod proof, has ability to bypa… ☆265 · Dec 6, 2025 · Updated 2 months ago
- A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities. ☆1,937 · Apr 7, 2024 · Updated last year
- LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64) ☆2,257 · Jan 24, 2026 · Updated 3 weeks ago
- awesome-linux-rootkits ☆2,023 · Updated this week
- Linux Kernel Hacking ☆748 · Apr 10, 2024 · Updated last year
- Collection of codes focused on Linux rootkits ☆197 · Oct 22, 2025 · Updated 3 months ago
- Experimental Windows x64 Kernel Rootkit with anti-rootkit evasion features. ☆587 · Aug 2, 2025 · Updated 6 months ago
- A Linux kernel rootkit in Rust using a custom made type-2 hypervisor, eBPF XDP and TC programs ☆337 · Jun 23, 2025 · Updated 7 months ago
- An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer ☆539 · Feb 13, 2024 · Updated 2 years ago
- A COFF loader made in Rust ☆327 · Aug 20, 2025 · Updated 5 months ago
- A LKM rootkit targeting 4.x and 5.x kernel versions which opens a backdoor that can spawn a reverse shell to a remote host, launch malwar… ☆134 · Sep 19, 2021 · Updated 4 years ago
- A tool employs direct registry manipulation to create scheduled tasks without triggering the usual event logs. ☆612 · Jan 2, 2025 · Updated last year
- Nidhogg is an all-in-one simple to use windows kernel rootkit. ☆2,202 · Feb 1, 2026 · Updated 2 weeks ago
- Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc. ☆2,091 · Feb 8, 2026 · Updated last week
- LSASS memory dumper using only NTAPIs, creating a minimal minidump. It can be compiled as shellcode (PIC), supports XOR encryption, and r… ☆381 · Apr 26, 2025 · Updated 9 months ago
- Windows Kernel Rootkit in Rust ☆679 · Oct 10, 2025 · Updated 4 months ago
- A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfve… ☆591 · Jun 12, 2024 · Updated last year
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls. ☆408 · Jan 11, 2026 · Updated last month
- Detect syscall hooking using eBPF ☆168 · Apr 28, 2023 · Updated 2 years ago
- Rootkit spotter - experimental Linux rootkit finder LKM ☆30 · Oct 11, 2020 · Updated 5 years ago
- A technique to run binaries filelessly and stealthily on Linux by "overwriting" the shell's process with another. ☆878 · Mar 21, 2025 · Updated 10 months ago
- A Rust implementation of GodPotato — abusing SeImpersonate to gain SYSTEM privileges. Includes a TCP-based reverse shell and indirect NTA… ☆355 · Apr 26, 2025 · Updated 9 months ago
- Realm is a cross platform Red Team engagement platform with a focus on automation and reliability. ☆593 · Updated this week
- Cobalt Strike UDRL for memory scanner evasion. ☆1,004 · Jun 4, 2024 · Updated last year
- The LKM rootkit working in Linux Kernels 2.6.x/3.x/4.x/5.x ☆132 · Aug 8, 2023 · Updated 2 years ago
- Load a dynamic library from memory by modifying the native Windows loader ☆282 · Jun 18, 2025 · Updated 7 months ago
- Demonized Shell is an Advanced Tool for persistence in linux. ☆433 · Jan 5, 2025 · Updated last year
- Linux eBPF backdoor over TCP. Spawn reverse shells, RCE, on prior privileged access. Less Honkin, More Tonkin. ☆1,659 · Oct 19, 2023 · Updated 2 years ago
- Dump cookies and credentials directly from Chrome/Edge process memory ☆1,401 · Jan 19, 2026 · Updated 3 weeks ago
- AdaptixC2 is a highly modular advanced redteam toolkit ☆2,697 · Feb 8, 2026 · Updated last week
- A memory-based evasion technique which makes shellcode invisible from process start to end. ☆1,199 · Oct 16, 2023 · Updated 2 years ago
- Generic PE loader for fast prototyping evasion techniques ☆244 · Jul 2, 2024 · Updated last year
- A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the … ☆1,813 · Nov 3, 2024 · Updated last year
- A collection of eBPF programs demonstrating bad behavior, presented at DEF CON 29 ☆680 · Jul 7, 2024 · Updated last year
- ebpfkit is a rootkit powered by eBPF ☆831 · Feb 28, 2023 · Updated 2 years ago
- Linux Sleep Obfuscation ☆107 · Jan 7, 2024 · Updated 2 years ago
- Threadless Module Stomping In Rust with some features (In memory of those murdered in the Nova party massacre) ☆258 · Jun 29, 2024 · Updated last year
- Terminate AV/EDR Processes using kernel driver ☆352 · Jun 12, 2023 · Updated 2 years ago
- LD_PRELOAD Rootkit ☆300 · Apr 5, 2025 · Updated 10 months ago