milabs / kjector
Code injection from Linux kernel to a process
☆21Updated last year
Alternatives and similar repositories for kjector:
Users that are interested in kjector are comparing it to the libraries listed below
- Evasive ELF Static PIE User-Land-Exec featured in Tmpout Vol 1.☆28Updated 3 years ago
- yet another hidden LKM hunter☆22Updated last year
- call gates as stable comunication channel for NT x86 and Linux x86_64☆31Updated last year
- PEIM (UEFI) bootkit targeting OVMF (EDK2)☆34Updated last year
- An example of hijacking the dynamic linker with a custom interpreter who loads and executes modular viruses☆64Updated 3 years ago
- Hooking the GDT - Installing a Call Gate. POC for Rootkit Arsenal Book Second Edition (version 2022)☆72Updated last year
- hypervisor enforced patch protection for the linux kernel with xen + libvmi, libvmi KASLR offset spoofer☆32Updated last year
- A few examples of how to trap virtual memory access on Windows.☆30Updated 4 months ago
- Michelangelo REanimator bootkit and REcon 2023 talk slides/materials☆29Updated last year
- Linux Kernel module-less implant (backdoor)☆72Updated 4 years ago
- Poc for ELF64 runtime infection via GOT poisoning technique by elfmaster☆29Updated 5 years ago
- r0ak ("roak") is the Ring 0 Army Knife -- A Command Line Utility To Read/Write/Execute Ring Zero on for Windows 10 Systems☆10Updated 6 years ago
- In line function hooking LKM rootkit☆51Updated 5 years ago
- ELF binary forensics tool for APT, virus, backdoor and rootkit detection☆47Updated 6 months ago
- ☆47Updated 2 years ago
- Matryoshka - stacked LKM loader☆52Updated last year
- Rootkit spotter - experimental Linux rootkit finder LKM☆28Updated 4 years ago
- Extract data of TTD trace file to a minidump☆28Updated last year
- Different tools for Microsoft Hyper-V researching☆57Updated 11 months ago
- kfile-over-icmp is an LKM for stealth sending of files over ICMP communication.☆17Updated 4 years ago
- A Linux x86/x86-64 tool to trace registers and memory regions.☆37Updated 2 years ago
- ☆12Updated 6 months ago
- NASM Linux x86_64 pure (no deps) shared library (.so), POC for Reflective ELF SO injection☆29Updated last year
- A years-old exploit of a local EoP vulnerability in Kingsoft Antivirus KWatch Driver version 2009.3.17.77.☆38Updated 3 years ago
- Helper Script to convert a Windbg dumped structure (using the 'dt' command) into a C structure. It creates dummy structs for you if neede…☆26Updated last year
- Exploiting ring0 memcpy-like functionality to disable Driver Signing Enforcement (DSE)☆20Updated 5 years ago
- One Bootloader to Load Them All - Research materials, Code , Etc.☆51Updated 2 years ago
- WinXPSP2.Cermalus on stereoids, supporting all 32 bits Windows version. Windows Kernel Virus stuff for noobs☆18Updated last year
- Linux rootkit for educational purposes☆31Updated last year
- Yet another Windows DLL injector.☆39Updated 3 years ago