reveng007 / reveng_rtkit
Linux Loadable Kernel Module (LKM) rootkit running in ring 0. It can hide itself from the module list, hide processes and implants, survive rmmod (the module cannot be unloaded), and evade the well-known rkhunter anti-rootkit scanner.
☆256, updated last year
Alternatives and similar repositories for reveng_rtkit
Users interested in reveng_rtkit compare it to the repositories listed below.
- Red-Team Linux kernel rootkit (☆526, updated this week)
- Academic Linux rootkit project written for a bachelor's engineering thesis. (☆107, updated last year)
- A PoC for the new injection technique, abusing the Windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.ht… (☆649, updated 2 years ago)
- (no description) (☆180, updated 2 years ago)
- Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird … (☆704, updated 4 months ago)
- PoCs for kernel-mode rootkit techniques research. (☆378, updated 6 months ago)
- Experimental Windows x64 kernel rootkit with anti-rootkit evasion features. (☆546, updated this week)
- Source code files that accompany the short book "Building C2 Implants in C++: A Primer" by Steven Patterson (@shogun_lab). (☆232, updated 7 months ago)
- Evasion by machine code de-optimization. (☆390, updated last year)
- Native syscalls shellcode injector (☆267, updated 2 years ago)
- Black Angel is a Windows 11/10 x64 kernel-mode rootkit. The rootkit can be loaded with DSE enabled while maintaining its full functionality. (☆642, updated last year)
- PoC exploit for CVE-2025-21333, a heap-based buffer overflow. It leverages WNF state data and I/O ring IOP_MC_BUFFER_ENTRY. (☆196, updated 3 months ago)
- SHAREM is a shellcode analysis framework capable of emulating more than 20,000 WinAPIs and virtually all Windows syscalls. It also conta… (☆401, updated last month)
- TartarusGate, bypassing EDRs (☆600, updated 3 years ago)
- An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer (☆502, updated last year)
- Collection of code focused on Linux rootkits (☆141, updated last month)
- (no description) (☆358, updated last year)
- Proof of concept and details for CVE-2025-21298 (☆188, updated 6 months ago)
- Proof of concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijac… (☆229, updated 9 months ago)
- Analyse your malware to surgically obfuscate it (☆484, updated 2 months ago)
- A Linux kernel rootkit in Rust using a custom-made type-2 hypervisor and eBPF XDP and TC programs (☆334, updated last month)
- Performing indirect clean syscalls (☆572, updated 2 years ago)
- Exploit development: weaponized exploits and proofs of concept (PoCs) (☆228, updated 2 years ago)
- Abusing the Windows fork API and the OneDrive.exe process to inject malicious shellcode without allocating a new RWX memory region. (☆287, updated last year)
- Rusty Arsenal: a collection of experimental process injection and post-exploitation techniques in Rust (☆272, updated last year)
- A PoC of the ContainYourself research presented at DEF CON 31, which abuses the Windows containers framework to bypass EDRs. (☆313, updated last year)
- Revenant: a third-party agent for Havoc that demonstrates evasion techniques in the context of a C2 framework (☆379, updated last year)
- An easily modifiable shellcode template for Windows x64 written in C (☆257, updated 2 years ago)
- Collection of APIs used in malware development (☆224, updated 3 years ago)
- A proof of concept demonstrating DLL-load proxying using undocumented syscalls. (☆350, updated 5 months ago)