h3xduck / TripleCross
A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.
☆1,838Updated last year
Alternatives and similar repositories for TripleCross:
Users that are interested in TripleCross are comparing it to the libraries listed below
- Credentials Dumper for Linux using eBPF☆1,135Updated 7 months ago
- ebpfkit is a rootkit powered by eBPF☆789Updated 2 years ago
- A collection of eBPF programs demonstrating bad behavior, presented at DEF CON 29☆598Updated 9 months ago
- Linux eBPF backdoor over TCP. Spawn reverse shells, RCE, on prior privileged access. Less Honkin, More Tonkin.☆1,606Updated last year
- A technique to run binaries filelessly and stealthily on Linux by "overwriting" the shell's process with another.☆830Updated last month
- LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64)☆1,989Updated last year
- Linux Kernel Hacking☆685Updated last year
- awesome-linux-rootkits☆1,820Updated 3 months ago
- Linux/Windows post-exploitation framework made by linux user☆1,532Updated last week
- A collection of links related to VMware escape exploits☆1,416Updated 7 months ago
- Linux kernel CVE exploit analysis report and relative debug environment. You don't need to compile Linux kernel and configure your enviro…☆1,216Updated 8 months ago
- Red-Team Linux kernel rootkit☆348Updated 2 months ago
- LKM Linux rootkit☆2,705Updated 4 years ago
- Practice Go programming and implement CobaltStrike's Beacon in Go☆1,192Updated 4 years ago
- A post exploitation framework designed to operate covertly on heavily monitored environments☆2,090Updated 3 years ago
- DeimosC2 is a Golang command and control framework for post-exploitation.☆1,113Updated last week
- Connect like there is no firewall. Securely.☆1,671Updated this week
- Shikata ga nai (仕方がない) encoder ported into go with several improvements☆1,683Updated last year
- Hide a process under Linux using the ld preloader (https://sysdig.com/blog/hiding-linux-processes-for-fun-and-profit/)☆1,061Updated 5 years ago
- Freeze is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternative execution methods☆1,437Updated last year
- A tool to kill antimalware protected processes☆1,435Updated 3 years ago
- A repository of Windows Shellcode runners and supporting utilities. The applications load and execute Shellcode using various API calls o…☆1,102Updated 2 years ago
- ScareCrow - Payload creation framework designed around EDR bypass.☆2,805Updated last year
- Custom Command and Control (C3). A framework for rapid prototyping of custom C2 channels, while still providing integration with existing…☆1,602Updated 2 years ago
- Open-Source Shellcode & PE Packer☆1,936Updated last year
- Docker Enumeration, Escalation of Privileges and Container Escapes (DEEPCE)☆1,302Updated 2 months ago
- CVE-2022-23222: Linux Kernel eBPF Local Privilege Escalation☆566Updated 2 years ago
- Statically-linked ssh server with reverse shell functionality for CTFs and such☆961Updated 2 years ago
- Various kernel exploits☆773Updated last year
- ☆2,081Updated 2 years ago