Alternatives and similar repositories for rooty

Users that are interested in rooty are comparing it to the libraries listed below

• connormcgarr / Kernel-Exploits
  Kernel Exploits
  ☆255Updated 3 years ago
• reveng007 / reveng_rtkit
  Linux Loadable Kernel Module (LKM) based rootkit (ring-0), capable of hiding itself, processes/implants, rmmod proof, has ability to bypa…
  ☆254Updated last year
• shogunlab / building-c2-implants-in-cpp
  The source code files that accompany the short book "Building C2 Implants in C++: A Primer" by Steven Patterson (@shogun_lab).
  ☆229Updated 6 months ago
• VoidSec / Exploit-Development
  Exploit Development - Weaponized Exploit and Proof of Concepts (PoC)
  ☆222Updated 2 years ago
• mav8557 / Father
  LD_PRELOAD rootkit
  ☆132Updated last year
• sha0coder / mwemu
  x86 malware emulator
  ☆222Updated this week
• therealdreg / x64dbg-exploiting
  Do you want to use x64dbg instead of immunity debugger? oscp eCPPTv2 buffer overflow exploits pocs
  ☆90Updated last year
• h3xduck / Umbra
  A LKM rootkit targeting 4.x and 5.x kernel versions which opens a backdoor that can spawn a reverse shell to a remote host, launch malwar…
  ☆127Updated 3 years ago
• c0de90e7 / GhostWriting
  GhostWriting Injection Technique.
  ☆176Updated 7 years ago
• R3x / linux-rootkits
  A collection of Linux kernel rootkits found across the internet taken and put together
  ☆75Updated 2 years ago
• uf0o / rootkit-arsenal-guacamole
  An attempt to restore and adapt to modern Win10 version the 'Rootkit Arsenal' original code samples
  ☆70Updated 3 years ago
• xct / windows-kernel-exploits
  Some of my windows kernel exploits for learning purposes
  ☆128Updated 3 years ago
• Dec0ne / HWSyscalls
  HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP.
  ☆678Updated last year
• croemheld / lkm-rootkit
  A LKM rootkit for most newer kernel versions.
  ☆177Updated 7 years ago
• hasherezade / process_overwriting
  Yet another variant of Process Hollowing
  ☆400Updated 5 months ago
• redcode-labs / BMJ
  Code snippets for bare-metal malware development
  ☆98Updated 3 years ago
• hasherezade / antianalysis_demos
  Set of antianalysis techniques found in malware
  ☆132Updated last year
• vp777 / Windows-Non-Paged-Pool-Overflow-Exploitation
  Techniques based on named pipes for pool overflow exploitation targeting the most recent (and oldest) Windows versions demonstrated on CV…
  ☆228Updated 2 years ago
• forrest-orr / phantom-dll-hollower-poc
  Phantom DLL hollowing PoC
  ☆362Updated 3 years ago
• sad0p / d0zer
  Elf binary infector written in Go.
  ☆210Updated 5 months ago
• hasherezade / masm_shc
  A helper utility for creating shellcodes. Cleans MASM file generated by MSVC, gives refactoring hints.
  ☆179Updated 2 months ago
• am0nsec / vx
  Virus Exchange (VX) - Collection of malware or assembly code used for "offensive" purposed.
  ☆181Updated 3 years ago
• Error996 / bdvl
  bdvl
  ☆113Updated 3 years ago
• br-sn / CheekyBlinder
  Enumerating and removing kernel callbacks using signed vulnerable drivers
  ☆566Updated 2 years ago
• waleedassar / RestrictedKernelLeaks
  ☆161Updated 3 years ago
• aaaddress1 / Skrull
  Skrull is a malware DRM, that prevents Automatic Sample Submission by AV/EDR and Signature Scanning from Kernel. It generates launchers t…
  ☆457Updated 3 years ago
• yardenshafir / IoRingReadWritePrimitive
  Post exploitation technique to turn arbitrary kernel write / increment into full read/write primitive on Windows 11 22H2
  ☆228Updated 2 years ago
• carloslack / KoviD
  Red-Team Linux kernel rootkit
  ☆507Updated 2 months ago
• trickster0 / TartarusGate
  TartarusGate, Bypassing EDRs
  ☆592Updated 3 years ago
• namazso / linux_injector
  A simple ptrace-less shared library injector for x64 Linux
  ☆261Updated 2 years ago