reveng007 / reveng_rtkit
Linux Loadable Kernel Module (LKM) based rootkit (ring-0), capable of hiding itself and processes/implants, rmmod-proof, and able to bypass the infamous rkhunter anti-rootkit.
☆240 Updated last year
Alternatives and similar repositories for reveng_rtkit:
Users that are interested in reveng_rtkit are comparing it to the libraries listed below
- A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.ht… ☆627 Updated 2 years ago
- Linux kernel rootkit ☆307 Updated this week
- Exploit Development - Weaponized Exploit and Proof of Concepts (PoC) ☆218 Updated last year
- A generic UEFI bootkit used to achieve initial usermode execution. It works with modifications. ☆406 Updated last year
- Experimental Windows x64 Kernel Rootkit with anti-rootkit evasion features. ☆510 Updated 9 months ago
- An automatic Blind ROP exploitation tool ☆193 Updated last year
- Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird … ☆613 Updated 3 months ago
- ☆173 Updated last year
- Black Angel is a Windows 11/10 x64 kernel mode rootkit. Rootkit can be loaded with enabled DSE while maintaining its full functionality. ☆630 Updated last year
- Yet another variant of Process Hollowing ☆357 Updated 10 months ago
- LPE exploit for CVE-2023-21768 ☆418 Updated last year
- The source code files that accompany the short book "Building C2 Implants in C++: A Primer" by Steven Patterson (@shogun_lab). ☆225 Updated last month
- TartarusGate, Bypassing EDRs ☆557 Updated 2 years ago
- Rusty Arsenal - A collection of experimental Process Injection and Post-Exploitation Techniques in Rust ☆244 Updated last year
- Kernel Exploits ☆247 Updated 3 years ago
- LPE exploit for CVE-2023-21768 ☆485 Updated last year
- Performing Indirect Clean Syscalls ☆506 Updated last year
- Oracle VirtualBox Elevation of Privilege (Local Privilege Escalation) Vulnerability ☆217 Updated 8 months ago
- Rusty Bootkit - Windows UEFI Bootkit in Rust (Codename: RedLotus) ☆522 Updated last year
- Proof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijac… ☆203 Updated 2 months ago
- HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP. ☆645 Updated last year
- Centralized resource for listing and organizing known injection techniques and POCs ☆239 Updated 2 months ago
- PoCs for Kernelmode rootkit techniques research. ☆345 Updated this week
- Native Syscalls Shellcode Injector ☆264 Updated last year
- LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time. ☆264 Updated last year
- collection of apis used in malware development ☆224 Updated 2 years ago
- Post exploitation technique to turn arbitrary kernel write / increment into full read/write primitive on Windows 11 22H2 ☆224 Updated 2 years ago
- ☆236 Updated last year
- ASLR bypass without infoleak ☆159 Updated 3 years ago
- Vulnerable driver research tool, result and exploit PoCs ☆183 Updated last year