rootkit

Hiding kernel-driver for x86/x64.

windows kernel security development

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64)

Nidhogg is an all-in-one simple to use windows kernel rootkit.

🇺🇦 Windows driver with usermode interface which can hide processes, file-system and registry objects, protect processes and etc

Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.

Webshell && Backdoor Collection

A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.

awesome-linux-rootkits

Linux/Windows post-exploitation framework made by linux user

This is the list of all rootkits found so far on github and other sites.

Linux LD_PRELOAD rootkit (x86 and x86_64 architectures)

Now You See Me, Now You Don't

Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes, protect and elevate them with token manipulation.

Linux rootkit for Ubuntu 16.04 and 10.04 (Linux Kernels 4.4.0 and 2.6.32), both i386 and amd64

ebpfkit is a rootkit powered by eBPF

PCI Express DIY hacking toolkit for Xilinx SP605. This repository is also home of Hyper-V Backdoor and Boot Backdoor, check readme for links and info

This tool will setting up your backdoor/rootkits when backdoor already setup it will be hidden your spesisifc process,unlimited your session in metasploit and transparent. Even when it killed, it will re-run again. There always be a procces which while run another process,So we can assume that this procces is unstopable like a Ghost in The Shell

A basic Direct Kernel Object Manipulation rootkit that removes a process from the EPROCESS list, hiding it from the Task Manager

Hypervisor Memory Introspection Core Library