There are 67 repositories under the rootkit topic.
windows kernel security development
A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.
LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64)
awesome-linux-rootkits
🇺🇦 Windows driver with usermode interface which can hide processes, file-system and registry objects, protect processes, etc.
Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.
This is the list of all rootkits found so far on GitHub and other sites.
Linux LD_PRELOAD rootkit (x86 and x86_64 architectures)
Cronos is a Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes, protect and elevate them with token manipulation.
Linux rootkit for Ubuntu 16.04 and 10.04 (Linux Kernels 4.4.0 and 2.6.32), both i386 and amd64
PCI Express DIY hacking toolkit for Xilinx SP605. This repository is also home of Hyper-V Backdoor and Boot Backdoor, check readme for links and info
This tool will set up your backdoor/rootkits. Once the backdoor is already set up, it will hide your specific process and make your Metasploit session unlimited and transparent. Even when it is killed, it will re-run again. There will always be a process which runs another process, so we can assume that this process is unstoppable, like a Ghost in The Shell.
Hypervisor Memory Introspection Core Library
A basic Direct Kernel Object Manipulation rootkit that removes a process from the EPROCESS list, hiding it from the Task Manager
Black Angel is a Windows 11/10 x64 kernel mode rootkit. The rootkit can be loaded with DSE enabled while maintaining its full functionality.
Kernel rootkit, that lives inside the Windows registry values data
InfinityHookPro Win7 -> Win11 latest
Experimental Windows x64 Kernel Rootkit.
Load your driver like win32k.sys
A rootkit for Android. Based on "Android platform based linux kernel rootkit" from Phrack Issue 68
Rusty Hypervisor - Windows Kernel Blue Pill Type-2 Hypervisor in Rust (Codename: Matrix)
Linux kernel rootkit
Your interpreter isn’t safe anymore — The PHP module backdoor
Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.