loneicewolf / EXEC_LKMLinks
A LKM (Loadable Kernel Module) to execute a command as root; I include a example of using netcat and a compiled(with source and steps on how to compile) reverse shell provided in C.
☆16Updated last year
Alternatives and similar repositories for EXEC_LKM
Users that are interested in EXEC_LKM are comparing it to the libraries listed below
Sorting:
- Injects shellcode into remote processes using direct syscalls☆77Updated 4 years ago
- Grab Firefox post requests by hooking PR_Write function from nss3.dll module using trampoline hook to get passwords and emails of users☆42Updated 3 years ago
- using the gpu to hide your payload☆63Updated 3 years ago
- A local LKM rootkit loader/dropper that lists available security mechanisms☆52Updated 4 years ago
- A LKM rootkit targeting 4.x and 5.x kernel versions which opens a backdoor that can spawn a reverse shell to a remote host, launch malwar…☆131Updated 4 years ago
- UAC bypass abusing WinSxS in "wusa.exe". Referred from and similar to: https://github.com/L3cr0f/DccwBypassUAC , Kudos to L3cr0f and Fuz…☆33Updated 4 years ago
- Recreating and reviewing the Windows persistence methods☆39Updated 4 years ago
- 64bit WIndows 10 shellcode dat pops dat calc - Dynamic & Null Free☆65Updated 2 years ago
- ☆57Updated 3 years ago
- A C implementation of the Sektor7 "A Thief" Windows privesc technique.☆68Updated 3 years ago
- Windows PE - TLS (Thread Local Storage) Injector in C/C++☆106Updated 4 years ago
- Crossplatform tool for inject shellcode into .exe and .dll binaries (x86 and x64)☆74Updated last year
- A PoC to demo modifying cmdline of the child process dynamically. It might be useful against process log tracing, AV or EDR.☆39Updated 4 years ago
- improving zerosums smbdoor - a silent remote backdoor which abuses undoc. APIs in srvnet.sys☆49Updated 2 years ago
- A simple PoC to demonstrate that is possible to write Non writable memory and execute Non executable memory on Windows☆53Updated 4 years ago
- lpe poc for cve-2022-21882☆49Updated 3 years ago
- Assembly block for finding and calling the windows API functions inside import address table(IAT) of the running PE file.☆78Updated 2 years ago
- Process Hollowing demonstration & explanation☆34Updated 4 years ago
- C-based Reverse Shell that uses CMD or PowerShell☆16Updated 5 years ago
- A simple PoC to invoke an encrypted shellcode by using an hidden call☆116Updated 3 years ago
- A payload delivery system which embeds payloads in an executable's icon file!☆74Updated last year
- Dell Driver EoP (CVE-2021-21551)☆32Updated 3 years ago
- Standalone Metasploit-like XOR encoder for shellcode☆50Updated last year
- NT AUTHORITY\SYSTEM☆43Updated 5 years ago
- Bypass UAC by abusing the Internet Explorer Add-on installer☆55Updated 4 years ago
- Small POC for process ghosting☆40Updated 3 years ago
- Assembly block for hooking windows API functions.☆92Updated 6 years ago
- Alleged source code leak of Osiris banking trojan☆37Updated 4 years ago
- This is a simple example of DLL hijacking enabling proxy execution.☆66Updated 2 years ago
- Simple ransomware written in Rust. Part of the building a rustomware blog post.☆34Updated 2 years ago