h3xduck / Umbra
A LKM rootkit targeting 4.x and 5.x kernel versions which opens a backdoor that can spawn a reverse shell to a remote host, launch malware and more.
☆122Updated 3 years ago
Alternatives and similar repositories for Umbra:
Users that are interested in Umbra are comparing it to the libraries listed below
- LD_PRELOAD rootkit☆131Updated last year
- A local LKM rootkit loader/dropper that lists available security mechanisms☆52Updated 3 years ago
- A Flask-based HTTP(S) command and control (C2) framework with a web interface. Custom Windows EXE/DLL implants written in C++. For educat…☆90Updated last year
- BPFDoor Source Code. Originally found from Chinese Threat Actor Red Menshen☆44Updated 2 years ago
- Malware indetectable, with AV bypass techniques, anti-disassembly, etc.☆91Updated 4 years ago
- ☆36Updated last month
- Grab Firefox post requests by hooking PR_Write function from nss3.dll module using trampoline hook to get passwords and emails of users☆42Updated 2 years ago
- A Flask-based HTTP(S) command and control (C2) with a web frontend. Malleable agent written in Go.☆36Updated last year
- Resources and articles I need to take a look at. Mostly about malware/exploit development and analysis.☆82Updated 3 years ago
- ☆67Updated last year
- Stealthy Loader-cum-dropper/stage-1/stager targeting Windows10☆38Updated 2 years ago
- -x-x-x- DO NOT RUN ON PRODUCTION MACHINE -x-x-x- LD_PRELOAD based user-land rootkit for Linux platform.☆27Updated 4 years ago
- This is a simple example of DLL hijacking enabling proxy execution.☆66Updated last year
- using the gpu to hide your payload☆56Updated 2 years ago
- Bypass Malware Time Delays☆100Updated 2 years ago
- Evasion Escaper is a project aimed at evading the checks that malicious software performs to detect if it's running in a virtual environm…☆105Updated last month
- Deleting Shadow Copies In Pure C++☆114Updated 2 years ago
- Evasive Process Hollowing Techniques☆137Updated 4 years ago
- A repository dedicated to researching, documenting, developing, and ultimately, defending against various strains of malicious software.☆30Updated last week
- Simple PoC Python agent to showcase Havoc C2's custom agent interface. Not operationally safe or stable. Released with accompanying blog …☆80Updated last year
- Bypass Malware Sandbox Evasion Ram check☆137Updated 2 years ago
- It's pointy and it hurts!☆124Updated 2 years ago
- MS Office and Windows HTML RCE (CVE-2023-36884) - PoC and exploit☆39Updated last year
- Understanding WinRAR Code Execution Vulnerability (CVE-2023-38831)☆40Updated last year
- ☆54Updated 3 years ago
- Kernel Mode Driver for Elevating Process Privileges☆133Updated 2 years ago
- ☆95Updated 3 years ago
- (Sim)ulate (Ba)zar Loader☆29Updated 4 years ago
- A C2 framework for initial access in Go☆177Updated 2 years ago
- ☆112Updated 2 years ago