thalium / rkchk
Rust Linux Kernel Module designed for LKM rootkit detection
☆40Updated last month
Alternatives and similar repositories for rkchk:
Users that are interested in rkchk are comparing it to the libraries listed below
- ☆49Updated 5 months ago
- Userland exec PoC to be used as attack vector technique☆85Updated 2 months ago
- Open Source eBPF Malware Analysis Framework☆47Updated 6 months ago
- Linpmem is a linux memory acquisition tool☆82Updated 11 months ago
- Attacking the cleanup_module function of a kernel module☆30Updated 2 weeks ago
- Cheat sheet to detect and remove linux kernel rootkit☆55Updated 4 months ago
- A simple Meterpreter stager written in Rust.☆36Updated 7 months ago
- kubernetes rootkit☆31Updated last year
- A set of rootkit-like abilities for unprivileged users, and vulnerabilities based on the DOT-to-NT path conversion known issue☆98Updated last year
- OffensiveCon 2024 Repo, contains PoCs and materials for talk "UEFI and the Task of the Translator"☆42Updated 10 months ago
- Circumventing "noexec" mount flag to execute arbitrary linux binaries by ptrace-less process injection☆108Updated last week
- Exploiting the KsecDD Windows driver through Server Silos☆65Updated 5 months ago
- call gates as stable comunication channel for NT x86 and Linux x86_64☆31Updated last year
- One Bootloader to Load Them All - Research materials, Code , Etc.☆51Updated 2 years ago
- ☆52Updated 6 months ago
- A synergized Visual Studio and Rust development environment☆19Updated 2 months ago
- PoC code and tools for Black Hat USA 2024☆21Updated 8 months ago
- Monarch - The Adversary Emulation Toolkit☆62Updated 3 months ago
- ☆18Updated last month
- An automation plugin for Tiny-Tracer framework to trace and watch functions directly out of the executable's import table or trace logs (…☆116Updated 9 months ago
- A few examples of how to trap virtual memory access on Windows.☆29Updated 4 months ago
- ☆41Updated 3 weeks ago
- A remote process injection using process snapshotting based on https://gitlab.com/ORCA000/snaploader , in rust. It creates a sacrificial …☆48Updated 2 months ago
- Safe Rust bindings for the COM interfaces of the Windows debugging engine☆14Updated last month
- Dynamically invoke arbitrary code with Rust tricks, #[no_std] support, and compatibility for x64, x86, ARM64 and WoW64 (DInvoke)☆60Updated 3 weeks ago
- yet another hidden LKM hunter☆21Updated last year
- Windows AppLocker Driver (appid.sys) LPE☆54Updated 8 months ago
- Slides for COM Hijacking AV/EDR Talk on 38c3☆73Updated 3 months ago
- Shellcode loader that executes embedded Lua from Rust.☆113Updated 4 months ago
- CVE-2024-30090 - LPE PoC☆106Updated 6 months ago