thalium / rkchkLinks
Rust Linux Kernel Module designed for LKM rootkit detection
☆49Updated 4 months ago
Alternatives and similar repositories for rkchk
Users that are interested in rkchk are comparing it to the libraries listed below
Sorting:
- Userland exec PoC to be used as attack vector technique☆85Updated 6 months ago
- Circumventing "noexec" mount flag to execute arbitrary linux binaries by ptrace-less process injection☆120Updated 2 months ago
- Linpmem is a linux memory acquisition tool☆87Updated last month
- GoResolver is a Go analysis tool using both Go symbol extraction and Control Flow Graph (CFG) similarity to identify and resolve the func…☆66Updated 3 months ago
- ☆69Updated 8 months ago
- Cheat sheet to detect and remove linux kernel rootkit☆68Updated 7 months ago
- Open Source eBPF Malware Analysis Framework☆48Updated 9 months ago
- ElfDoor-gcc is an LD_PRELOAD that hijacks gcc to inject malicious code into binaries during linking, without touching the source code.☆118Updated 3 months ago
- A C++ tool for process memory scanning & suspicious telemetry generation that attempts to detect a number of malicious techniques used by…☆84Updated last year
- Attacking the cleanup_module function of a kernel module☆38Updated last month
- kubernetes rootkit☆31Updated last year
- eBPF hacks☆188Updated 7 months ago
- OffensiveCon 2024 Repo, contains PoCs and materials for talk "UEFI and the Task of the Translator"☆42Updated last year
- Payload encoding utility to effectively lower payload entropy.☆119Updated 3 months ago
- eBPF Memory Dump Tool☆82Updated last month
- Collection of codes focused on Linux rootkits☆141Updated last month
- A Linux kernel rootkit in Rust using a custom made type-2 hypervisor, eBPF XDP and TC programs☆334Updated last month
- Hells Hollow Windows 11 Rootkit technique to Hook the SSDT via Alt Syscalls☆81Updated this week
- ☆52Updated 9 months ago
- Tools for analyzing EDR agents☆238Updated last year
- Memory Obfuscation in Rust☆235Updated last week
- ROP ROCKET is an advanced code-reuse attack framework, with extensive ROP chain generation capabilities, including for novel Windows Sysc…☆128Updated last month
- Rust malware EDR evasion via direct syscalls, fully implemented as an example in Rust☆62Updated last year
- CVE-2024-30090 - LPE PoC☆107Updated 9 months ago
- Retrieve inner payloads from Donut samples☆104Updated last year
- Shellcode loader that executes embedded Lua from Rust.☆116Updated 7 months ago
- Select any exported function in a dll as the new dll's entry point.☆81Updated 9 months ago
- HEVD Exploit: BufferOverflowNonPagedPoolNx on Windows 10 22H2 - Escalating from Low Integrity to SYSTEM via Aligned Chunk Confusion☆57Updated 3 months ago
- A set of rootkit-like abilities for unprivileged users, and vulnerabilities based on the DOT-to-NT path conversion known issue☆99Updated last year
- An automation plugin for Tiny-Tracer framework to trace and watch functions directly out of the executable's import table or trace logs (…☆117Updated last year