thalium / rkchkLinks
Rust Linux Kernel Module designed for LKM rootkit detection
☆52Updated 6 months ago
Alternatives and similar repositories for rkchk
Users that are interested in rkchk are comparing it to the libraries listed below
Sorting:
- Linpmem is a linux memory acquisition tool☆88Updated 3 months ago
- ElfDoor-gcc is an LD_PRELOAD that hijacks gcc to inject malicious code into binaries during linking, without touching the source code.☆125Updated 5 months ago
- Userland exec PoC to be used as attack vector technique☆88Updated 2 weeks ago
- Circumventing "noexec" mount flag to execute arbitrary linux binaries by ptrace-less process injection☆126Updated 4 months ago
- Open Source eBPF Malware Analysis Framework☆51Updated 11 months ago
- kubernetes rootkit☆35Updated last year
- Attacking the cleanup_module function of a kernel module☆46Updated 3 months ago
- Cheat sheet to detect and remove linux kernel rootkit☆72Updated 9 months ago
- GoResolver is a Go analysis tool using both Go symbol extraction and Control Flow Graph (CFG) similarity to identify and resolve the func…☆70Updated last month
- OffensiveCon 2024 Repo, contains PoCs and materials for talk "UEFI and the Task of the Translator"☆42Updated last year
- ☆74Updated 10 months ago
- A tool to interact with Windows drivers to perform a raw disk read and parse out target files without calling standard Windows file APIs☆81Updated 3 weeks ago
- A simple Meterpreter stager written in Rust.☆40Updated last week
- Payload encoding utility to effectively lower payload entropy.☆119Updated 5 months ago
- Monarch - The Adversary Emulation Toolkit☆63Updated 8 months ago
- POC of GITHUB simple C2 in rust☆52Updated 2 months ago
- eBPF hacks☆187Updated 9 months ago
- A C++ tool for process memory scanning & suspicious telemetry generation that attempts to detect a number of malicious techniques used by…☆84Updated last year
- Collection of codes focused on Linux rootkits☆160Updated last week
- A Linux kernel rootkit in Rust using a custom made type-2 hypervisor, eBPF XDP and TC programs☆333Updated 3 months ago
- CVE-2024-30090 - LPE PoC☆108Updated 11 months ago
- A set of rootkit-like abilities for unprivileged users, and vulnerabilities based on the DOT-to-NT path conversion known issue☆105Updated last year
- Windows AppLocker Driver (appid.sys) LPE☆66Updated last year
- Enumerate active EDR's on the system☆111Updated last week
- Retrieve inner payloads from Donut samples☆108Updated last year
- eBPF Memory Dump Tool☆86Updated last month
- Memory Obfuscation in Rust☆256Updated last month
- ☆53Updated 11 months ago
- Make an Linux Kernel rootkit visible again.☆57Updated 7 months ago
- Windows Persistence IT-Security☆105Updated 6 months ago