h3xduck / TripleCross
A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.
☆1,807Updated 9 months ago
Alternatives and similar repositories for TripleCross:
Users that are interested in TripleCross are comparing it to the libraries listed below
- Linux eBPF backdoor over TCP. Spawn reverse shells, RCE, on prior privileged access. Less Honkin, More Tonkin.☆1,581Updated last year
- ebpfkit is a rootkit powered by eBPF☆775Updated last year
- Credentials Dumper for Linux using eBPF☆1,128Updated 4 months ago
- awesome-linux-rootkits☆1,759Updated 2 weeks ago
- Linux Kernel Hacking☆663Updated 9 months ago
- A collection of eBPF programs demonstrating bad behavior, presented at DEF CON 29�☆571Updated 6 months ago
- A technique to run binaries filelessly and stealthily on Linux by "overwriting" the shell's process with another.☆808Updated last year
- LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64)☆1,911Updated last year
- Linux kernel CVE exploit analysis report and relative debug environment. You don't need to compile Linux kernel and configure your enviro…☆1,196Updated 5 months ago
- Linux/Windows post-exploitation framework made by linux user☆1,481Updated this week
- Freeze is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternative execution methods☆1,420Updated last year
- LKM Linux rootkit☆2,639Updated 3 years ago
- A collaborative, multi-platform, red teaming framework☆3,386Updated this week
- Shikata ga nai (仕方がない) encoder ported into go with several improvements☆1,600Updated 11 months ago
- A post exploitation framework designed to operate covertly on heavily monitored environments☆2,068Updated 3 years ago
- ScareCrow - Payload creation framework designed around EDR bypass.☆2,778Updated last year
- ☆2,039Updated last year
- This map lists the essential techniques to bypass anti-virus and EDR☆2,610Updated 2 months ago
- Linux kernel rootkit☆318Updated this week
- Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.☆1,376Updated 2 years ago
- DeimosC2 is a Golang command and control framework for post-exploitation.☆1,104Updated last year
- Adversary Emulation Framework☆8,819Updated this week
- Practice Go programming and implement CobaltStrike's Beacon in Go☆1,173Updated 4 years ago
- Statically-linked ssh server with reverse shell functionality for CTFs and such☆944Updated last year
- evasion technique to defeat and divert detection and prevention of security products (AV/EDR/XDR)☆1,432Updated last year
- Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks,…☆2,094Updated this week
- Custom Command and Control (C3). A framework for rapid prototyping of custom C2 channels, while still providing integration with existing…☆1,556Updated last year
- An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.☆3,090Updated 3 weeks ago
- A collection of links related to VMware escape exploits☆1,394Updated 4 months ago
- Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.☆4,357Updated 2 weeks ago