Red-Team LKM
☆642May 17, 2026Updated last week
Alternatives and similar repositories for KoviD
Users that are interested in KoviD are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Linux Loadable Kernel Module (LKM) based rootkit (ring-0), capable of hiding itself, processes/implants, rmmod proof, has ability to bypa…☆267Dec 6, 2025Updated 5 months ago
- awesome-linux-rootkits☆2,065Feb 15, 2026Updated 3 months ago
- LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64)☆2,336Apr 27, 2026Updated last month
- A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.☆1,960Apr 7, 2024Updated 2 years ago
- Linux Kernel Hacking☆762Apr 10, 2024Updated 2 years ago
- GPU virtual machines on DigitalOcean Gradient AI • AdGet to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
- Rootkit spotter - experimental Linux rootkit finder LKM☆30Oct 11, 2020Updated 5 years ago
- Collection of codes focused on Linux rootkits☆212Oct 22, 2025Updated 7 months ago
- A Linux kernel rootkit in Rust using a custom made type-2 hypervisor, eBPF XDP and TC programs☆340Feb 27, 2026Updated 3 months ago
- Dectect syscall hooking using eBPF☆170Apr 28, 2023Updated 3 years ago
- ModTracer Finds Hidden Linux Kernel Rootkits and then make visible again.☆87Feb 28, 2025Updated last year
- Experimental Windows x64 Kernel Rootkit with anti-rootkit evasion features.☆602Aug 2, 2025Updated 9 months ago
- The LKM rootkit working in Linux Kernels 2.6.x/3.x/4.x/5.x☆137Aug 8, 2023Updated 2 years ago
- yet another hidden LKM hunter☆33Sep 18, 2025Updated 8 months ago
- A COFF loader made in Rust☆335Mar 14, 2026Updated 2 months ago
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- A technique to run binaries filelessly and stealthily on Linux by "overwriting" the shell's process with another.☆890Mar 21, 2025Updated last year
- Windows Kernel Rootkit in Rust☆689Oct 10, 2025Updated 7 months ago
- Windows rootkit for Intel x64 with 25+ features, demonstrating rootkit techniques compatible with all Windows 10 and Windows 11 versions.☆2,371Feb 15, 2026Updated 3 months ago
- A tool employs direct registry manipulation to create scheduled tasks without triggering the usual event logs.☆629Jan 2, 2025Updated last year
- LD_PRELOAD Rootkit☆321Apr 5, 2025Updated last year
- Linux eBPF backdoor over TCP. Spawn reverse shells, RCE, on prior privileged access. Less Honkin, More Tonkin.☆1,668Oct 19, 2023Updated 2 years ago
- Linux Kernel module-less implant (backdoor)☆73Mar 11, 2021Updated 5 years ago
- A LKM rootkit targeting 4.x and 5.x kernel versions which opens a backdoor that can spawn a reverse shell to a remote host, launch malwar…☆134Sep 19, 2021Updated 4 years ago
- ebpfkit is a rootkit powered by eBPF☆844Feb 28, 2023Updated 3 years ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer☆550Feb 13, 2024Updated 2 years ago
- Linux Kernel hooking engine (x86)☆392Oct 14, 2025Updated 7 months ago
- A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfve…☆596Jun 12, 2024Updated last year
- A collection of eBPF programs demonstrating bad behavior, presented at DEF CON 29☆683Jul 7, 2024Updated last year
- Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.☆2,145Apr 28, 2026Updated last month
- A Rust implementation of GodPotato — abusing SeImpersonate to gain SYSTEM privileges. Includes a TCP-based reverse shell and indirect NTA…☆362Mar 17, 2026Updated 2 months ago
- Demonized Shell is an Advanced Tool for persistence in linux.☆451Jan 5, 2025Updated last year
- Realm is a cross platform Red Team engagement platform with a focus on automation and reliability.☆620May 22, 2026Updated last week
- Load a dynamic library from memory by modifying the native Windows loader☆302May 5, 2026Updated 3 weeks ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- Attacking the cleanup_module function of a kernel module☆58Jun 30, 2025Updated 10 months ago
- LSASS memory dumper using only NTAPIs, creating a minimal minidump. It can be compiled as shellcode (PIC), supports XOR encryption, and r…☆389Apr 26, 2025Updated last year
- ElfDoor-gcc is an LD_PRELOAD that hijacks gcc to inject malicious code into binaries during linking, without touching the source code.☆133Apr 13, 2025Updated last year
- Linux Sleep Obfuscation☆117Jan 7, 2024Updated 2 years ago
- A memory-based evasion technique which makes shellcode invisible from process start to end.☆1,200Oct 16, 2023Updated 2 years ago
- Cobalt Strike UDRL for memory scanner evasion.☆1,018Jun 4, 2024Updated last year
- Pack/Encrypt/Obfuscate ELF + SHELL scripts☆449Apr 11, 2026Updated last month