thalium / rkchkLinks
Rust Linux Kernel Module designed for LKM rootkit detection
☆51Updated 5 months ago
Alternatives and similar repositories for rkchk
Users that are interested in rkchk are comparing it to the libraries listed below
Sorting:
- ElfDoor-gcc is an LD_PRELOAD that hijacks gcc to inject malicious code into binaries during linking, without touching the source code.☆119Updated 4 months ago
- Linpmem is a linux memory acquisition tool☆87Updated 2 months ago
- Userland exec PoC to be used as attack vector technique☆85Updated 6 months ago
- Attacking the cleanup_module function of a kernel module☆41Updated last month
- ☆71Updated 9 months ago
- Collection of codes focused on Linux rootkits☆148Updated last week
- Cheat sheet to detect and remove linux kernel rootkit☆68Updated 8 months ago
- Open Source eBPF Malware Analysis Framework☆49Updated 10 months ago
- OffensiveCon 2024 Repo, contains PoCs and materials for talk "UEFI and the Task of the Translator"☆42Updated last year
- A Linux kernel rootkit in Rust using a custom made type-2 hypervisor, eBPF XDP and TC programs☆334Updated 2 months ago
- Payload encoding utility to effectively lower payload entropy.☆119Updated 4 months ago
- GoResolver is a Go analysis tool using both Go symbol extraction and Control Flow Graph (CFG) similarity to identify and resolve the func…☆68Updated this week
- Memory Obfuscation in Rust☆249Updated last month
- CVE-2024-30090 - LPE PoC☆107Updated 10 months ago
- kubernetes rootkit☆32Updated last year
- eBPF Memory Dump Tool☆82Updated 2 months ago
- A C++ tool for process memory scanning & suspicious telemetry generation that attempts to detect a number of malicious techniques used by…☆84Updated last year
- Monarch - The Adversary Emulation Toolkit☆63Updated 7 months ago
- POC of GITHUB simple C2 in rust☆52Updated 3 weeks ago
- LKM rootkit for modern kernels, with DNS C2 and a simple web interface☆72Updated last month
- Windows Persistence IT-Security☆103Updated 5 months ago
- ☆52Updated 10 months ago
- Circumventing "noexec" mount flag to execute arbitrary linux binaries by ptrace-less process injection☆120Updated 2 months ago
- ☆108Updated 9 months ago
- A set of rootkit-like abilities for unprivileged users, and vulnerabilities based on the DOT-to-NT path conversion known issue☆99Updated last year
- Exploit targeting NT kernel in 24H2 Windows Insider Preview☆136Updated last year
- Safe Rust bindings for the COM interfaces of the Windows debugging engine☆14Updated last month
- ☆49Updated 4 months ago
- Vibe Malware Triage - MCP server for static PE analysis.☆66Updated 3 months ago
- Make an Linux Kernel rootkit visible again.☆55Updated 5 months ago