rootkit
There are 343 repositories under rootkit topic.
mrexodia/TitanHide
Hiding kernel-driver for x86/x64.
m0nad/Diamorphine
LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64)
Idov31/Nidhogg
Nidhogg is an all-in-one simple to use windows kernel rootkit.
ExpLife0011/awesome-windows-kernel-security-development
windows kernel security development
bytecode77/r77-rootkit
Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.
JKornev/hidden
🇺🇦 Windows driver with usermode interface which can hide processes, file-system and registry objects, protect processes and etc
milabs/awesome-linux-rootkits
awesome-linux-rootkits
xl7dev/WebShell
Webshell && Backdoor Collection
h3xduck/TripleCross
A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.
jm33-m0/emp3r0r
Linux/Windows post-exploitation framework made by linux user
skyw4tch3r/RootKits-List-Download
This is the list of all rootkits found so far on github and other sites.
ZeroMemoryEx/Chaos-Rootkit
Now You See Me, Now You Don't
mempodippy/vlany
Linux LD_PRELOAD rootkit (x86 and x86_64 architectures)
XaFF-XaFF/Cronos-Rootkit
Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes, protect and elevate them with token manipulation.
Cr4sh/s6_pcie_microblaze
PCI Express DIY hacking toolkit for Xilinx SP605. This repository is also home of Hyper-V Backdoor and Boot Backdoor, check readme for links and info
nurupo/rootkit
Linux rootkit for Ubuntu 16.04 and 10.04 (Linux Kernels 4.4.0 and 2.6.32), both i386 and amd64
Gui774ume/ebpfkit
ebpfkit is a rootkit powered by eBPF
screetsec/Vegile
This tool will setting up your backdoor/rootkits when backdoor already setup it will be hidden your spesisifc process,unlimited your session in metasploit and transparent. Even when it killed, it will re-run again. There always be a procces which while run another process,So we can assume that this procces is unstopable like a Ghost in The Shell
landhb/HideProcess
A basic Direct Kernel Object Manipulation rootkit that removes a process from the EPROCESS list, hiding it from the Task Manager
bitdefender/hvmi
Hypervisor Memory Introspection Core Library
joaoviictorti/shadow-rs
Windows Kernel Rootkit in Rust
XaFF-XaFF/Black-Angel-Rootkit
Black Angel is a Windows 11/10 x64 kernel mode rootkit. Rootkit can be loaded with enabled DSE while maintaining its full functionality.
carloslack/KoviD
Red-Team Linux kernel rootkit
eversinc33/Banshee
Experimental Windows x64 Kernel Rootkit with anti-rootkit evasion features.
memN0ps/eagle-rs
Rusty Rootkit - Windows Kernel Rookit in Rust (Codename: Eagle)
crvvdev/MasterHide
A x64 Windows Rootkit using SSDT or Hypervisor hook
FiYHer/InfinityHookPro
InfinityHookPro Win7 -> Win11 latest
Cr4sh/WindowsRegistryRootkit
Kernel rootkit, that lives inside the Windows registry values data
MatheuZSecurity/Singularity
Linux Kernel Rootkit for modern kernels (6x)
sudoskys/Root
?什么你说Root?我不到啊 | 致力于编写全面详细的Root教程文档 | 刷机 | 安卓
daem0nc0re/VectorKernel
PoCs for Kernelmode rootkit techniques research.
MatheuZSecurity/RingReaper
Linux post-exploitation agent that uses io_uring to stealthily bypass EDR detection by avoiding traditional syscalls.
DualHorizon/blackpill
A Linux kernel rootkit in Rust using a custom made type-2 hypervisor, eBPF XDP and TC programs
cr0nx/awesome-linux-attack-forensics-purplelabs
This page is a result of the ongoing hands-on research around advanced Linux attacks, detection and forensics techniques and tools.
memN0ps/illusion-rs
Rusty Hypervisor - Windows UEFI Blue Pill Type-1 Hypervisor in Rust (Codename: Illusion)
memN0ps/matrix-rs
Rusty Hypervisor - Windows Kernel Blue Pill Type-2 Hypervisor in Rust (Codename: Matrix)