lkm

The Linux Kernel Module Programming Guide (updated for 5.0+ kernels)

Utility to find hidden Linux kernel modules

LKM rootkit for Linux x86 with the 2.6 kernel. It inserts salts inside system_call and sysenter_entry.

An example rootkit that gives a userland process root permissions

ModTracer Finds Hidden Linux Kernel Rootkits and then make visible again.

Cheat sheet to detect and remove linux kernel rootkit

A rootkit for Android.

A local LKM rootkit loader/dropper that lists available security mechanisms

Tools to bypass flawed SELinux policies using the init_module system call

Make an Linux Kernel rootkit visible again.

Rust out-of-tree Linux Kernel Modules (LKMs) experimentation framework

Virtual Linux block device driver for simulating and performing I/O.

A quick LKM rootkit that executes a reverse TCP netcat shell with root privileges.

Attacking the cleanup_module function of a kernel module

64-bit LKM Rootkit builder based on yaml prescription. Working on 5.15.5 kernel

「⚔️」Ring 0 Rootkit for Linux Kernels x86/x86_64 5.x/6.x

Reverse shell and rootkit

kfile-over-icmp is an LKM for stealth sending of files over ICMP communication.

Ftrace Based Linux Loadable Kernel Module Rootkit for Linux Kernel 5.x and 6.x on x86_64, hides files, hides process, hides bind shell & reverse shell port, privilege escalation, cleans up logs and bash history during installation

A LKM (Loadable Kernel Module) to execute a command as root; I include a example of using netcat and a compiled(with source and steps on how to compile) reverse shell provided in C.