Red-Team LKM
☆645May 31, 2026Updated 2 weeks ago
Alternatives and similar repositories for KoviD
Users that are interested in KoviD are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Linux Loadable Kernel Module (LKM) based rootkit (ring-0), capable of hiding itself, processes/implants, rmmod proof, has ability to bypa…☆271Dec 6, 2025Updated 6 months ago
- awesome-linux-rootkits☆2,069Feb 15, 2026Updated 4 months ago
- LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64)☆2,366Apr 27, 2026Updated last month
- A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.☆1,962Apr 7, 2024Updated 2 years ago
- Linux Kernel Hacking☆765Apr 10, 2024Updated 2 years ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- Rootkit spotter - experimental Linux rootkit finder LKM☆30Oct 11, 2020Updated 5 years ago
- Collection of codes focused on Linux rootkits☆211Oct 22, 2025Updated 7 months ago
- A Linux kernel rootkit in Rust using a custom made type-2 hypervisor, eBPF XDP and TC programs☆341Feb 27, 2026Updated 3 months ago
- Dectect syscall hooking using eBPF☆168Apr 28, 2023Updated 3 years ago
- ModTracer Finds Hidden Linux Kernel Rootkits and then make visible again.☆87Feb 28, 2025Updated last year
- Experimental Windows x64 Kernel Rootkit with anti-rootkit evasion features.☆604Aug 2, 2025Updated 10 months ago
- The LKM rootkit working in Linux Kernels 2.6.x/3.x/4.x/5.x☆139Aug 8, 2023Updated 2 years ago
- yet another hidden LKM hunter☆33Sep 18, 2025Updated 9 months ago
- A COFF loader made in Rust☆336Mar 14, 2026Updated 3 months ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- A technique to run binaries filelessly and stealthily on Linux by "overwriting" the shell's process with another.☆889Mar 21, 2025Updated last year
- Windows Kernel Rootkit in Rust☆695Oct 10, 2025Updated 8 months ago
- Windows rootkit for Intel x64 with 25+ features, demonstrating rootkit techniques compatible with all Windows 10 and Windows 11 versions.☆2,409Updated this week
- A tool employs direct registry manipulation to create scheduled tasks without triggering the usual event logs.☆626Jan 2, 2025Updated last year
- LD_PRELOAD Rootkit☆328Apr 5, 2025Updated last year
- Linux eBPF backdoor over TCP. Spawn reverse shells, RCE, on prior privileged access. Less Honkin, More Tonkin.☆1,670Oct 19, 2023Updated 2 years ago
- Linux Kernel module-less implant (backdoor)☆73Mar 11, 2021Updated 5 years ago
- A LKM rootkit targeting 4.x and 5.x kernel versions which opens a backdoor that can spawn a reverse shell to a remote host, launch malwar…☆134Sep 19, 2021Updated 4 years ago
- ebpfkit is a rootkit powered by eBPF☆848Feb 28, 2023Updated 3 years ago
- GPUs on demand by Runpod - Special Offer Available • AdRun AI, ML, and HPC workloads on powerful cloud GPUs—without limits or wasted spend. Deploy GPUs in under a minute and pay by the second.
- An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer☆552Feb 13, 2024Updated 2 years ago
- Linux Kernel hooking engine (x86)☆391Oct 14, 2025Updated 8 months ago
- A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfve…☆599Jun 12, 2024Updated 2 years ago
- A collection of eBPF programs demonstrating bad behavior, presented at DEF CON 29☆690Jul 7, 2024Updated last year
- Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.☆2,153May 25, 2026Updated 3 weeks ago
- A Rust implementation of GodPotato — abusing SeImpersonate to gain SYSTEM privileges. Includes a TCP-based reverse shell and indirect NTA…☆364Mar 17, 2026Updated 3 months ago
- Demonized Shell is an Advanced Tool for persistence in linux.☆452Jan 5, 2025Updated last year
- Realm is a cross platform Red Team engagement platform with a focus on automation and reliability.☆622Updated this week
- Load a dynamic library from memory by modifying the native Windows loader☆302May 5, 2026Updated last month
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
- LSASS memory dumper using only NTAPIs, creating a minimal minidump. It can be compiled as shellcode (PIC), supports XOR encryption, and r…☆387Apr 26, 2025Updated last year
- ElfDoor-gcc is an LD_PRELOAD that hijacks gcc to inject malicious code into binaries during linking, without touching the source code.☆133Apr 13, 2025Updated last year
- A memory-based evasion technique which makes shellcode invisible from process start to end.☆1,199Oct 16, 2023Updated 2 years ago
- Cobalt Strike UDRL for memory scanner evasion.☆1,018Jun 4, 2024Updated 2 years ago
- Attacking the cleanup_module function of a kernel module☆57Jun 30, 2025Updated 11 months ago
- Linux Sleep Obfuscation☆129Jan 7, 2024Updated 2 years ago
- Pack/Encrypt/Obfuscate ELF + SHELL scripts☆451Apr 11, 2026Updated 2 months ago