h3xduck / Umbra
A LKM rootkit targeting 4.x and 5.x kernel versions which opens a backdoor that can spawn a reverse shell to a remote host, launch malware and more.
☆123Updated 3 years ago
Alternatives and similar repositories for Umbra:
Users that are interested in Umbra are comparing it to the libraries listed below
- A local LKM rootkit loader/dropper that lists available security mechanisms☆52Updated 3 years ago
- Malware indetectable, with AV bypass techniques, anti-disassembly, etc.☆97Updated 5 years ago
- A Flask-based HTTP(S) command and control (C2) with a web frontend. Malleable agent written in Go.☆36Updated last year
- BPFDoor Source Code. Originally found from Chinese Threat Actor Red Menshen☆45Updated 2 years ago
- Evasion Escaper is a project aimed at evading the checks that malicious software performs to detect if it's running in a virtual environm…☆106Updated 2 months ago
- Grab Firefox post requests by hooking PR_Write function from nss3.dll module using trampoline hook to get passwords and emails of users☆42Updated 2 years ago
- Linux Kernel module-less implant (backdoor)☆72Updated 4 years ago
- ☆55Updated 3 years ago
- LD_PRELOAD rootkit☆131Updated last year
- Deleting Shadow Copies In Pure C++☆114Updated 2 years ago
- This is a simple example of DLL hijacking enabling proxy execution.☆66Updated 2 years ago
- Stealthy Loader-cum-dropper/stage-1/stager targeting Windows10☆37Updated 2 years ago
- ☆67Updated last year
- A Flask-based HTTP(S) command and control (C2) framework with a web interface. Custom Windows EXE/DLL implants written in C++. For educat…☆90Updated last year
- Finding secrets in kernel and user memory☆115Updated last year
- ☆96Updated 3 years ago
- ☆113Updated 2 years ago
- Mochi is a proof-of-concept C++ loader that leverages the ChaiScript embedded scripting language to execute code.☆101Updated 3 years ago
- EDR Detector that can find what kind of endpoint solution is being used according to drivers in the system.☆94Updated 3 years ago
- -x-x-x- DO NOT RUN ON PRODUCTION MACHINE -x-x-x- LD_PRELOAD based user-land rootkit for Linux platform.☆27Updated 4 years ago
- A C2 framework for initial access in Go☆180Updated 2 years ago
- Detect strange memory regions and DLLs☆183Updated 3 years ago
- Bypass Malware Sandbox Evasion Ram check☆137Updated 2 years ago
- A payload delivery system which embeds payloads in an executable's icon file!☆73Updated last year
- Let's try to create a rootkit!☆20Updated 5 years ago
- bdvl☆113Updated 3 years ago
- (Sim)ulate (Ba)zar Loader☆29Updated 4 years ago
- Understanding WinRAR Code Execution Vulnerability (CVE-2023-38831)☆41Updated last year
- Linux x86_64 Process Injection Utility☆59Updated 4 years ago
- A simple PoC to invoke an encrypted shellcode by using an hidden call☆116Updated 2 years ago