Red-Team LKM
☆636 Dec 16, 2025 Updated 2 months ago
Alternatives and similar repositories for KoviD
Users that are interested in KoviD are comparing it to the libraries listed below
- Linux Loadable Kernel Module (LKM) based rootkit (ring-0), capable of hiding itself, processes/implants, rmmod proof, has ability to bypa… ☆267 Dec 6, 2025 Updated 3 months ago
- A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities. ☆1,945 Apr 7, 2024 Updated last year
- awesome-linux-rootkits ☆2,035 Feb 15, 2026 Updated 3 weeks ago
- LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64) ☆2,266 Jan 24, 2026 Updated last month
- Linux Kernel Hacking ☆750 Apr 10, 2024 Updated last year
- Collection of codes focused on Linux rootkits ☆198 Oct 22, 2025 Updated 4 months ago
- Experimental Windows x64 Kernel Rootkit with anti-rootkit evasion features. ☆591 Aug 2, 2025 Updated 7 months ago
- A Linux kernel rootkit in Rust using a custom made type-2 hypervisor, eBPF XDP and TC programs ☆337 Feb 27, 2026 Updated last week
- An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer ☆541 Feb 13, 2024 Updated 2 years ago
- A COFF loader made in Rust ☆327 Feb 26, 2026 Updated last week
- An LKM rootkit targeting 4.x and 5.x kernel versions which opens a backdoor that can spawn a reverse shell to a remote host, launch malwar… ☆135 Sep 19, 2021 Updated 4 years ago
- A tool that employs direct registry manipulation to create scheduled tasks without triggering the usual event logs. ☆614 Jan 2, 2025 Updated last year
- Nidhogg is an all-in-one simple to use windows kernel rootkit. ☆2,276 Feb 15, 2026 Updated 3 weeks ago
- Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc. ☆2,103 Feb 19, 2026 Updated 2 weeks ago
- LSASS memory dumper using only NTAPIs, creating a minimal minidump. It can be compiled as shellcode (PIC), supports XOR encryption, and r… ☆384 Apr 26, 2025 Updated 10 months ago
- Windows Kernel Rootkit in Rust ☆677 Oct 10, 2025 Updated 4 months ago
- A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfve… ☆592 Jun 12, 2024 Updated last year
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls. ☆411 Jan 11, 2026 Updated last month
- Detect syscall hooking using eBPF ☆169 Apr 28, 2023 Updated 2 years ago
- Rootkit spotter - experimental Linux rootkit finder LKM ☆30 Oct 11, 2020 Updated 5 years ago
- A technique to run binaries filelessly and stealthily on Linux by "overwriting" the shell's process with another. ☆880 Mar 21, 2025 Updated 11 months ago
- A Rust implementation of GodPotato — abusing SeImpersonate to gain SYSTEM privileges. Includes a TCP-based reverse shell and indirect NTA… ☆354 Apr 26, 2025 Updated 10 months ago
- Realm is a cross platform Red Team engagement platform with a focus on automation and reliability. ☆603 Updated this week
- Cobalt Strike UDRL for memory scanner evasion. ☆1,006 Jun 4, 2024 Updated last year
- The LKM rootkit working in Linux Kernels 2.6.x/3.x/4.x/5.x ☆132 Aug 8, 2023 Updated 2 years ago
- Load a dynamic library from memory by modifying the native Windows loader ☆286 Jun 18, 2025 Updated 8 months ago
- Demonized Shell is an Advanced Tool for persistence in linux. ☆441 Jan 5, 2025 Updated last year
- Linux eBPF backdoor over TCP. Spawn reverse shells, RCE, on prior privileged access. Less Honkin, More Tonkin. ☆1,664 Oct 19, 2023 Updated 2 years ago
- Dump cookies and credentials directly from Chrome/Edge process memory ☆1,410 Jan 19, 2026 Updated last month
- A memory-based evasion technique which makes shellcode invisible from process start to end. ☆1,197 Oct 16, 2023 Updated 2 years ago
- AdaptixC2 is a highly modular advanced redteam toolkit ☆2,758 Mar 2, 2026 Updated last week
- Generic PE loader for fast prototyping evasion techniques ☆245 Jul 2, 2024 Updated last year
- A tool that uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the … ☆1,823 Nov 3, 2024 Updated last year
- A collection of eBPF programs demonstrating bad behavior, presented at DEF CON 29 ☆684 Jul 7, 2024 Updated last year
- ebpfkit is a rootkit powered by eBPF ☆838 Feb 28, 2023 Updated 3 years ago
- Linux Sleep Obfuscation ☆112 Jan 7, 2024 Updated 2 years ago
- Threadless Module Stomping In Rust with some features (In memory of those murdered in the Nova party massacre) ☆262 Jun 29, 2024 Updated last year
- Terminate AV/EDR Processes using kernel driver ☆352 Jun 12, 2023 Updated 2 years ago
- A BOF that runs unmanaged PEs inline ☆682 Oct 23, 2024 Updated last year