reveng007 / reveng_rtkit
Linux Loadable Kernel Module (LKM) based rootkit (ring-0), capable of hiding itself, processes/implants, rmmod proof, has ability to bypass infamous rkhunter antirootkit.
☆242Updated last year
Alternatives and similar repositories for reveng_rtkit:
Users that are interested in reveng_rtkit are comparing it to the libraries listed below
- Linux kernel rootkit☆327Updated 2 weeks ago
- TartarusGate, Bypassing EDRs☆561Updated 3 years ago
- Native Syscalls Shellcode Injector☆264Updated last year
- Performing Indirect Clean Syscalls☆513Updated last year
- Experimental Windows x64 Kernel Rootkit with anti-rootkit evasion features.☆516Updated 10 months ago
- Exploit Development - Weaponized Exploit and Proof of Concepts (PoC)�☆220Updated last year
- ☆175Updated last year
- An automatic Blind ROP exploitation tool☆196Updated last year
- Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird …☆622Updated 4 months ago
- A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.ht…☆632Updated 2 years ago
- Rusty Arsenal - A collection of experimental Process Injection and Post-Exploitation Techniques in Rust☆244Updated last year
- Revenant - A 3rd party agent for Havoc that demonstrates evasion techniques in the context of a C2 framework☆374Updated 6 months ago
- LPE exploit for CVE-2023-21768☆486Updated last year
- Analyse your malware to surgically obfuscate it☆450Updated 3 weeks ago
- PoCs for Kernelmode rootkit techniques research.☆352Updated 3 weeks ago
- Sleep Obfuscation☆718Updated last year
- Reduce Entropy And Obfuscate Youre Payload With Serialized Linked Lists☆412Updated last year
- A LKM rootkit targeting 4.x and 5.x kernel versions which opens a backdoor that can spawn a reverse shell to a remote host, launch malwar…☆122Updated 3 years ago
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.☆333Updated this week
- A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementin…☆504Updated 2 years ago
- HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP.☆650Updated last year
- Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.☆390Updated last year
- A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC☆352Updated 2 years ago
- Proof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijac…☆202Updated 3 months ago
- LPE exploit for CVE-2023-21768☆416Updated last year
- Encypting the Heap while sleeping by hooking and modifying Sleep with our own sleep that encrypts the heap☆241Updated last year
- Centralized resource for listing and organizing known injection techniques and POCs☆236Updated 3 months ago
- LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time.☆267Updated last year
- collection of apis used in malware development☆223Updated 2 years ago
- The source code files that accompany the short book "Building C2 Implants in C++: A Primer" by Steven Patterson (@shogun_lab).☆226Updated 2 months ago