loneicewolf / EXEC_LKM
A LKM (Loadable Kernel Module) to execute a command as root; I include a example of using netcat and a compiled(with source and steps on how to compile) reverse shell provided in C.
☆16Updated 5 months ago
Alternatives and similar repositories for EXEC_LKM:
Users that are interested in EXEC_LKM are comparing it to the libraries listed below
- A PoC to demo modifying cmdline of the child process dynamically. It might be useful against process log tracing, AV or EDR.☆39Updated 4 years ago
- A simple injector that uses LoadLibraryA☆17Updated 4 years ago
- Executes shellcode from a remote server and aims to evade in-memory scanners☆31Updated 5 years ago
- Bypass UAC elevation on Windows 8 (build 9600) & above.☆54Updated 2 years ago
- improving zerosums smbdoor - a silent remote backdoor which abuses undoc. APIs in srvnet.sys☆49Updated 2 years ago
- using the gpu to hide your payload☆56Updated 2 years ago
- Windows NTLM Authentication Backdoor☆14Updated 3 years ago
- Collection of shellcode injection and execution techniques☆16Updated 3 years ago
- 64bit Windows 10 shellcode that adds user BOKU:SP3C1ALM0V3 to the system and the localgroups Administrators & "Remote Desktop Users"☆38Updated 3 years ago
- Just another casual shellcode native loader☆24Updated 3 years ago
- A C implementation of the Sektor7 "A Thief" Windows privesc technique.☆61Updated 3 years ago
- Injects shellcode into remote processes using direct syscalls☆77Updated 4 years ago
- Windows File Enumeration Intel Gathering Tool.☆17Updated last year
- Repository for dirty scripts and PoCs☆17Updated last month
- NT AUTHORITY\SYSTEM☆39Updated 4 years ago
- "An Introduction to Windows Exploit Development" is an open sourced, free Windows exploit development course I created for the Southeast …☆39Updated 4 years ago
- ☆52Updated 2 years ago
- One gate to all syscalls!☆23Updated 3 years ago
- x86_64 LKM linux rootkit☆16Updated last year
- A repository filled with ideas to break/detect direct syscall techniques☆27Updated 2 years ago
- ollvm, based on llvm-clang 5.0.2, 6.0.1, 7.0.1, 8.0, 9.0, 9.0.1☆19Updated 2 years ago
- C# implementation of Shellcode delivery techniques using PInvoke and DInvoke variations for API calling.☆35Updated 3 years ago
- Protected Process (Light) Dump: Uses Zemana AntiMalware Engine To Open a Privileged Handle to a PP/PPL Process And Inject MiniDumpWriteDu…☆21Updated 5 years ago
- An attempt to make a LoadLibrary designed for offensive operations, in C# obviously.☆55Updated 3 years ago
- Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle…☆15Updated 2 years ago
- CVE-2021-34527 AddPrinterDriverEx() Privilege Escalation☆21Updated 2 years ago
- C-based Reverse Shell that uses CMD or PowerShell☆15Updated 4 years ago
- A PoC~ish of https://elastic.github.io/security-research/malware/2022/01/01.operation-bleeding-bear/article/☆31Updated last year
- Former Multi - Ring to Kernel To UserMode Transitional Shellcode For Remote Kernel Exploits☆28Updated 2 years ago
- A method to execute shellcode using RegisterWaitForInputIdle API.☆52Updated last year