h3xduck / Umbra
A LKM rootkit targeting 4.x and 5.x kernel versions which opens a backdoor that can spawn a reverse shell to a remote host, launch malware and more.
☆134 · Sep 19, 2021 · Updated 4 years ago
Alternatives and similar repositories for Umbra
Users that are interested in Umbra are comparing it to the libraries listed below
- Offensive Linux tool for network attacks. Built from the ground with only C. ☆14 · May 1, 2021 · Updated 4 years ago
- bdvl ☆117 · Feb 26, 2022 · Updated 3 years ago
- A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities. ☆1,937 · Apr 7, 2024 · Updated last year
- LD_PRELOAD rootkit ☆138 · Feb 29, 2024 · Updated last year
- ☆309 · May 16, 2022 · Updated 3 years ago
- Go implementation of the Heaven's Gate technique ☆102 · Feb 11, 2021 · Updated 5 years ago
- A local LKM rootkit loader/dropper that lists available security mechanisms ☆52 · Sep 4, 2021 · Updated 4 years ago
- Windows PE - TLS (Thread Local Storage) Injector in C/C++ ☆107 · Jan 3, 2021 · Updated 5 years ago
- Linux rust keylogger ☆18 · Mar 1, 2024 · Updated last year
- Rootkit spotter - experimental Linux rootkit finder LKM ☆30 · Oct 11, 2020 · Updated 5 years ago
- Indicators of Normality ☆11 · Jul 22, 2022 · Updated 3 years ago
- Exactly what it sounds like, which is something rad ☆22 · Oct 12, 2022 · Updated 3 years ago
- A LKM rootkit for most newer kernel versions. ☆180 · Sep 17, 2017 · Updated 8 years ago
- Pass the Hash to a named pipe for token Impersonation ☆313 · Nov 29, 2023 · Updated 2 years ago
- Red-Team LKM ☆633 · Dec 16, 2025 · Updated 2 months ago
- Linux Kernel module-less implant (backdoor) ☆73 · Mar 11, 2021 · Updated 4 years ago
- Disable PPL via custom driver and dump lsass ☆15 · Mar 13, 2021 · Updated 4 years ago
- A Golang Registry parser ☆19 · Feb 3, 2025 · Updated last year
- Linux eBPF backdoor over TCP. Spawn reverse shells, RCE, on prior privileged access. Less Honkin, More Tonkin. ☆1,659 · Oct 19, 2023 · Updated 2 years ago
- TCP Port Redirection Utility ☆760 · Jan 31, 2023 · Updated 3 years ago
- ☆50 · Jun 28, 2022 · Updated 3 years ago
- Small and convenient C2 tool for Windows targets ☆612 · Mar 8, 2022 · Updated 3 years ago
- An evil bit backdoor for iptables ☆55 · Apr 14, 2021 · Updated 4 years ago
- ☆18 · Jul 3, 2020 · Updated 5 years ago
- ☆124 · May 12, 2021 · Updated 4 years ago
- Command and Control that uses NTP as the transport protocol. ☆26 · Jan 29, 2022 · Updated 4 years ago
- Killing your preferred antimalware by abusing native symbolic links and NT paths. ☆358 · Jan 29, 2022 · Updated 4 years ago
- A quick LKM rootkit that executes a reverse TCP netcat shell with root privileges. ☆41 · Jun 8, 2018 · Updated 7 years ago
- Bring your own print driver privilege escalation tool ☆259 · Aug 5, 2021 · Updated 4 years ago
- Load and execute COFF files and Cobalt Strike BOFs in-memory ☆226 · Sep 13, 2022 · Updated 3 years ago
- Transacted Hollowing - a PE injection technique, hybrid between ProcessHollowing and ProcessDoppelgänging ☆581 · Mar 8, 2024 · Updated last year
- A multi-staged malware that contains a kernel mode rootkit and a remote system shell. ☆74 · May 20, 2021 · Updated 4 years ago
- various slides and presentations I've worked on ☆19 · Mar 21, 2025 · Updated 10 months ago
- LD_PRELOAD Rootkit ☆300 · Apr 5, 2025 · Updated 10 months ago
- Zombie Ant Farm: Primitives and Offensive Tooling for Linux EDR evasion. ☆227 · Aug 10, 2019 · Updated 6 years ago
- Load a dynamic library from memory using a fuse mount ☆31 · Sep 15, 2023 · Updated 2 years ago
- Evasive ELF Static PIE User-Land-Exec featured in Tmpout Vol 1. ☆28 · Sep 11, 2021 · Updated 4 years ago
- A C2 post-exploitation framework ☆483 · Jan 24, 2024 · Updated 2 years ago
- The LKM rootkit working in Linux Kernels 2.6.x/3.x/4.x/5.x ☆132 · Aug 8, 2023 · Updated 2 years ago