rootfoo / rootkit
Fully functional but simplified Linux Kernel Module (LKM) Rootkit for educational purposes
☆60Updated 5 years ago
Alternatives and similar repositories for rootkit:
Users that are interested in rootkit are comparing it to the libraries listed below
- A LKM rootkit for most newer kernel versions.☆173Updated 7 years ago
- Matryoshka - stacked LKM loader☆50Updated last year
- The first Linux hooking framework to allow merging two binary files into one!☆94Updated 4 years ago
- Proof of concept for injecting simple shellcode via ptrace into a running process.☆69Updated 2 years ago
- A functional exploit for CVE-2019-18634, a BSS overflow in sudo's pwfeedback feature that allows for for privesc☆58Updated 5 years ago
- In line function hooking LKM rootkit☆51Updated 5 years ago
- LKM rootkit for Linux x86 with the 2.6 kernel. It inserts salts inside system_call and sysenter_entry.☆86Updated last year
- Zombie Ant Farm: Primitives and Offensive Tooling for Linux EDR evasion.☆225Updated 5 years ago
- FLARE Kernel Shellcode Loader☆176Updated 5 years ago
- POC viruses I have created to demo some ideas☆59Updated 4 years ago
- Fork of aeskeyfind that knows more formats of AES key schedule☆64Updated 7 years ago
- Reverse engineering challenges☆50Updated 5 years ago
- a pstree mod that prints other helpful information and with added functionality☆24Updated 4 years ago
- ELF Shared library injector using DT_NEEDED precedence infection. Acts as a permanent LD_PRELOAD☆110Updated 4 years ago
- A ptrace POC by hooking SSH to reveal provided passwords☆181Updated 7 years ago
- Exercises from Designing BSD Rootkits working in 2020 with FreeBSD 12.2☆47Updated 2 years ago
- An example rootkit that gives a userland process root permissions☆77Updated 5 years ago
- bdvl☆113Updated 3 years ago
- Reflective SO injection is a library injection technique in which the concept of reflective programming is employed to perform the loadin…☆117Updated 8 years ago
- This is a kernel module invoked reverse shell proof of concept.☆72Updated 5 years ago
- Attacking the Core associated source files☆88Updated 7 years ago
- MoP - "Master of Puppets" - Advanced malware tracking framework☆80Updated 6 months ago
- Cminer is a tool for enumerating the code caves in PE files.☆148Updated last year
- This framework enables user to discover JOP gagdets and can automate building a complete JOP chain to bypass DEP. JOP ROCKET is the ultim…☆103Updated 7 months ago
- Exploiting challenges in Linux and Windows☆122Updated 5 years ago
- ELF launcher for encrypted binaries decrypted on-the-fly and executed in memory☆26Updated 5 years ago
- JynxKit2 is an LD_PRELOAD userland rootkit based on the original JynxKit. The backdoor has been replaced with an "accept()" system hook.☆169Updated 12 years ago
- ☆33Updated 9 years ago
- Sandbox escape using WinHTTP Web Proxy Auto-Discovery Service☆85Updated 5 years ago
- LKRG bypass methods☆71Updated 5 years ago