loneicewolf / EXEC_LKMLinks
A LKM (Loadable Kernel Module) to execute a command as root; I include a example of using netcat and a compiled(with source and steps on how to compile) reverse shell provided in C.
☆16Updated 10 months ago
Alternatives and similar repositories for EXEC_LKM
Users that are interested in EXEC_LKM are comparing it to the libraries listed below
Sorting:
- improving zerosums smbdoor - a silent remote backdoor which abuses undoc. APIs in srvnet.sys☆50Updated 2 years ago
- using the gpu to hide your payload☆59Updated 3 years ago
- Standalone Metasploit-like XOR encoder for shellcode☆48Updated last year
- NT AUTHORITY\SYSTEM☆39Updated 5 years ago
- Crossplatform tool for inject shellcode into .exe and .dll binaries (x86 and x64)☆70Updated last year
- Injects shellcode into remote processes using direct syscalls☆79Updated 4 years ago
- Grab Firefox post requests by hooking PR_Write function from nss3.dll module using trampoline hook to get passwords and emails of users☆42Updated 2 years ago
- A PoC to demo modifying cmdline of the child process dynamically. It might be useful against process log tracing, AV or EDR.☆40Updated 4 years ago
- (Sim)ulate (Ba)zar Loader☆29Updated 4 years ago
- Windows PE - TLS (Thread Local Storage) Injector in C/C++☆106Updated 4 years ago
- ☆55Updated 2 years ago
- Assembly block for hooking windows API functions.☆93Updated 6 years ago
- 64bit WIndows 10 shellcode dat pops dat calc - Dynamic & Null Free☆64Updated 2 years ago
- Bypass UAC by abusing the Internet Explorer Add-on installer☆54Updated 4 years ago
- ☆55Updated 3 years ago
- abusing Process Hacker driver to terminate other processes (BYOVD)☆83Updated 2 years ago
- Recreating and reviewing the Windows persistence methods☆39Updated 3 years ago
- 💻 Windows 10 Kernel-mode rootkit☆32Updated 3 years ago
- A Bumblebee-inspired Crypter☆79Updated 2 years ago
- A LKM rootkit targeting 4.x and 5.x kernel versions which opens a backdoor that can spawn a reverse shell to a remote host, launch malwar…☆129Updated 3 years ago
- ☆112Updated 2 years ago
- Assembly block for finding and calling the windows API functions inside import address table(IAT) of the running PE file.☆77Updated 2 years ago
- ☆70Updated 6 months ago
- A simple PoC to invoke an encrypted shellcode by using an hidden call☆116Updated 2 years ago
- A C implementation of the Sektor7 "A Thief" Windows privesc technique.☆65Updated 3 years ago
- Herpaderply Hollowing - a PE injection technique, hybrid between Process Hollowing and Process Herpaderping☆63Updated 2 years ago
- ☆82Updated 3 years ago
- A local LKM rootkit loader/dropper that lists available security mechanisms☆52Updated 4 years ago
- Executes shellcode from a remote server and aims to evade in-memory scanners☆31Updated 5 years ago
- Unhooks Bit Defender from NTDLL and KERNELBASE using a classic technique.☆56Updated 2 years ago