h3xduck / UmbraLinks
A LKM rootkit targeting 4.x and 5.x kernel versions which opens a backdoor that can spawn a reverse shell to a remote host, launch malware and more.
☆129Updated 4 years ago
Alternatives and similar repositories for Umbra
Users that are interested in Umbra are comparing it to the libraries listed below
Sorting:
- LD_PRELOAD rootkit☆138Updated last year
- A Flask-based HTTP(S) command and control (C2) with a web frontend. Malleable agent written in Go.☆36Updated 2 years ago
- A local LKM rootkit loader/dropper that lists available security mechanisms☆52Updated 4 years ago
- Multi-threaded, multi-os/platform (Linux/Windows) c2 server and Windows reverse TCP shell client both written in C.☆121Updated 3 years ago
- An evil bit backdoor for iptables☆54Updated 4 years ago
- The AMSI server for Avred☆31Updated 2 years ago
- Embed an executable as a PE resource, drops and launches it in runtime.☆64Updated 4 years ago
- ☆57Updated 3 years ago
- This is a simple example of DLL hijacking enabling proxy execution.☆65Updated 2 years ago
- Grab Firefox post requests by hooking PR_Write function from nss3.dll module using trampoline hook to get passwords and emails of users☆42Updated 3 years ago
- Understanding WinRAR Code Execution Vulnerability (CVE-2023-38831)☆40Updated 2 years ago
- Cross-platform RAT, written in C☆88Updated 3 years ago
- Malware indetectable, with AV bypass techniques, anti-disassembly, etc.☆107Updated 5 years ago
- Evasion Escaper is a project aimed at evading the checks that malicious software performs to detect if it's running in a virtual environm…☆110Updated 9 months ago
- Linux Kernel module-less implant (backdoor)☆74Updated 4 years ago
- Stealthy Loader-cum-dropper/stage-1/stager targeting Windows10☆37Updated 3 years ago
- Injects shellcode into remote processes using direct syscalls☆77Updated 4 years ago
- (Sim)ulate (Ba)zar Loader☆29Updated 5 years ago
- bdvl☆115Updated 3 years ago
- Attacking the cleanup_module function of a kernel module☆53Updated 5 months ago
- MS Office and Windows HTML RCE (CVE-2023-36884) - PoC and exploit☆41Updated 2 years ago
- An example of hijacking the dynamic linker with a custom interpreter who loads and executes modular viruses☆67Updated 3 years ago
- ☆37Updated 8 months ago
- A simple PoC to invoke an encrypted shellcode by using an hidden call☆116Updated 3 years ago
- Finding secrets in kernel and user memory☆116Updated 2 years ago
- A LKM (Loadable Kernel Module) to execute a command as root; I include a example of using netcat and a compiled(with source and steps on…☆16Updated last year
- A payload delivery system which embeds payloads in an executable's icon file!☆74Updated last year
- Resources and articles I need to take a look at. Mostly about malware/exploit development and analysis.☆85Updated 3 years ago
- Hide memory artifacts using ROP and hardware breakpoints.☆147Updated 2 years ago
- Remote Code Execution on Microsoft Exchange Server through fixed cryptographic keys☆21Updated 4 years ago