rootkit

Hiding kernel-driver for x86/x64.

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64)

Nidhogg is an all-in-one simple to use windows kernel rootkit.

windows kernel security development

Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.

🇺🇦 Windows driver with usermode interface which can hide processes, file-system and registry objects, protect processes and etc

Webshell && Backdoor Collection

awesome-linux-rootkits

A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.

Linux/Windows post-exploitation framework made by linux user

This is the list of all rootkits found so far on github and other sites.

Now You See Me, Now You Don't

Linux LD_PRELOAD rootkit (x86 and x86_64 architectures)

Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes, protect and elevate them with token manipulation.

PCI Express DIY hacking toolkit for Xilinx SP605. This repository is also home of Hyper-V Backdoor and Boot Backdoor, check readme for links and info

ebpfkit is a rootkit powered by eBPF

Linux rootkit for Ubuntu 16.04 and 10.04 (Linux Kernels 4.4.0 and 2.6.32), both i386 and amd64

This tool will setting up your backdoor/rootkits when backdoor already setup it will be hidden your spesisifc process,unlimited your session in metasploit and transparent. Even when it killed, it will re-run again. There always be a procces which while run another process,So we can assume that this procces is unstopable like a Ghost in The Shell

A basic Direct Kernel Object Manipulation rootkit that removes a process from the EPROCESS list, hiding it from the Task Manager

Hypervisor Memory Introspection Core Library