Repository navigation
lkm-rootkit
- Website
- Wikipedia
LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64)
awesome-linux-rootkits
Utility to find hidden Linux kernel modules
An example rootkit that gives a userland process root permissions
LKM rootkit for modern kernels, with DNS C2 and a simple web interface
A quick LKM rootkit that executes a reverse TCP netcat shell with root privileges.
64-bit LKM Rootkit builder based on yaml prescription. Working on 5.15.5 kernel
Ftrace Based Linux Loadable Kernel Module Rootkit for Linux Kernel 5.x and 6.x on x86_64, hides files, hides process, hides bind shell & reverse shell port, privilege escalation, cleans up logs and bash history during installation
A LKM (Loadable Kernel Module) to execute a command as root; I include a example of using netcat and a compiled(with source and steps on how to compile) reverse shell provided in C.
A ring0 Loadable Kernel Module (Linux) to log all commnds run on the system.
Linux Loadable Kernel Module Rootkit for Linux Kernel 5.x and 6.x on x86_64, hides files, hides process, hides bind shell & reverse shell port, privilege escalation, cleans up logs and bash history during installation
Author of Project Adrishya a rootkit which use ftrace mechanism to hook syscall; (write this because God commanded me); work for both x86_64 and arm; CREDIT-(Oleksii Lozovskyi{ilammy})FOUNDER OF FTRACE HOOKING
Examples on Linux Kernel Modules Hacking
A small introduction to lkm.
HiddenGhost is an new solution for find system call table with support for 5.7x kernels +
Rootkit for x64 Linux leveraging only native kernel features.
