thalium / rkchkLinks
Rust Linux Kernel Module designed for LKM rootkit detection
☆53Updated 7 months ago
Alternatives and similar repositories for rkchk
Users that are interested in rkchk are comparing it to the libraries listed below
Sorting:
- Userland exec PoC to be used as attack vector technique☆93Updated last month
- ElfDoor-gcc is an LD_PRELOAD that hijacks gcc to inject malicious code into binaries during linking, without touching the source code.☆126Updated 6 months ago
- Circumventing "noexec" mount flag to execute arbitrary linux binaries by ptrace-less process injection☆129Updated 4 months ago
- Attacking the cleanup_module function of a kernel module☆48Updated 3 months ago
- Open Source eBPF Malware Analysis Framework☆52Updated last year
- Payload encoding utility to effectively lower payload entropy.☆120Updated 6 months ago
- Cheat sheet to detect and remove linux kernel rootkit☆74Updated 10 months ago
- Collection of codes focused on Linux rootkits☆177Updated last month
- OffensiveCon 2024 Repo, contains PoCs and materials for talk "UEFI and the Task of the Translator"☆42Updated last year
- CVE-2024-30090 - LPE PoC☆108Updated last year
- Linpmem is a linux memory acquisition tool☆93Updated 4 months ago
- A tool to interact with Windows drivers to perform a raw disk read and parse out target files without calling standard Windows file APIs☆93Updated last month
- eBPF hacks☆187Updated 10 months ago
- Rust malware EDR evasion via direct syscalls, fully implemented as an example in Rust☆70Updated last year
- kubernetes rootkit☆35Updated last year
- GoResolver is a Go analysis tool using both Go symbol extraction and Control Flow Graph (CFG) similarity to identify and resolve the func…☆72Updated 2 months ago
- Memory Obfuscation in Rust☆259Updated last week
- A simple Meterpreter stager written in Rust.☆41Updated 3 weeks ago
- A C++ tool for process memory scanning & suspicious telemetry generation that attempts to detect a number of malicious techniques used by…☆83Updated last year
- HEVD Exploit: BufferOverflowNonPagedPoolNx on Windows 10 22H2 - Escalating from Low Integrity to SYSTEM via Aligned Chunk Confusion☆61Updated 6 months ago
- Comprehensive Windows Syscall Extraction & Analysis Framework☆150Updated last month
- A set of rootkit-like abilities for unprivileged users, and vulnerabilities based on the DOT-to-NT path conversion known issue☆105Updated last year
- Windows AppLocker Driver (appid.sys) LPE☆66Updated last year
- ☆74Updated 11 months ago
- Select any exported function in a dll as the new dll's entry point.☆81Updated last year
- call gates as stable comunication channel for NT x86 and Linux x86_64☆32Updated 2 years ago
- POC of GITHUB simple C2 in rust☆52Updated 2 months ago
- Monarch - The Adversary Emulation Toolkit☆63Updated 9 months ago
- Slaying multi-language LLVM IR with obfuscation passes to achieve JIT execution☆119Updated 2 months ago
- A Linux kernel rootkit in Rust using a custom made type-2 hypervisor, eBPF XDP and TC programs☆331Updated 4 months ago