lkm

The Linux Kernel Module Programming Guide (updated for 5.0+ kernels)

LKM rootkit for modern kernels (6x)

Utility to find hidden Linux kernel modules

ModTracer Finds Hidden Linux Kernel Rootkits and then make visible again.

LKM rootkit for Linux x86 with the 2.6 kernel. It inserts salts inside system_call and sysenter_entry.

An example rootkit that gives a userland process root permissions

Cheat sheet to detect and remove linux kernel rootkit

Tools to bypass flawed SELinux policies using the init_module system call

Make an Linux Kernel rootkit visible again.

A rootkit for Android.

A local LKM rootkit loader/dropper that lists available security mechanisms

Rust out-of-tree Linux Kernel Modules (LKMs) experimentation framework

Attacking the cleanup_module function of a kernel module

Virtual Linux block device driver for simulating and performing I/O.

A quick LKM rootkit that executes a reverse TCP netcat shell with root privileges.

64-bit LKM Rootkit builder based on yaml prescription. Working on 5.15.5 kernel

Ftrace Based Linux Loadable Kernel Module Rootkit for Linux Kernel 5.x and 6.x on x86_64, hides files, hides process, hides bind shell & reverse shell port, privilege escalation, cleans up logs and bash history during installation

「⚔️」Ring 0 Rootkit for Linux Kernels x86/x86_64 5.x/6.x

Reverse shell and rootkit

Wrong Boot (codename: wrong8007) is a programmable dead man's switch for Linux, living entirely in kernel space.