juanschallibaum / Nuk3Gh0st: Universal Linux LKM rootkit, designed to work in any kernel version and both architectures (i686 and x86_64).
ait-aecid / Caraxes: Academic research rootkit using ftrace-hooking to hide files and processes via magic word or user/group. Tested until Linux 6.11.
hanj4096 / Wukong: An LKM rootkit for Linux kernel 2.6.x, 3.x and 4.x
elfmaster / Kprobe Rootkit: Linux kernel rootkit using kprobes (From http://phrack.org/issues/67/6.html)
SourceCodeDeleted / Rootkitdev Linux: Rootkit Development tutorial series. Works on kernel version 4.15. Can be adapted for 5.3+
a7vinx / Liinux: A Linux rootkit that works on kernel 4.0.X or higher
kacheo / KernelRootkit: Linux kernel rootkit to hide certain files and processes.
Nadharm / CoVirt: A dynamically loadable virtual-machine based rootkit designed for Linux Kernel v5.13.0 using AMD-V (SVM).
leixiangwu / CSE509 Rootkit: After attackers manage to gain access to a remote (or local) machine and elevate their privileges to "root", they typically want to maintain their access, while hiding their presence from the normal users and administrators of the system. This basic rootkit works on the Linux operating system and is a loadable kernel module which, when loaded into the kernel (by the attacker with root privileges), will do the following: 1) Hide specific files and directories from showing up when a user does "ls" and similar commands 2) Modify the /etc/passwd and /etc/shadow files to add a backdoor account while returning the original contents of the files (pre-attack) when a normal user requests to see the file 3) Hide processes from the process table when a user does a "ps" 4) Give a malicious process the ability to elevate its uid to 0 (root) upon demand
Notselwyn / Netkit: Linux rootkit for educational purposes
aesophor / Satan: 🔓 x86 Linux Kernel rootkit for Debian 9 (4.9.0-11-686-pae)
sandflysecurity / Sandfly Kernel Module Decloak: Scripts to decloak Linux Loadable Kernel Module (LKM) stealth rootkits.
dsmatter / Brootus: An educational Linux Kernel Rootkit
dschuermann / Suterusu: Fork from http://redmine.poppopret.org/projects/suterusu. An LKM rootkit targeting Linux 2.6/3.x on x86 and ARM. Supports privilege escalation, process hiding, connection hiding (TCP/UDP v4/v6), file/directory hiding, keylogging, and screen unlocking. Under active development.
geekben / Rootkit: Linux rootkit and detection examples
tstromberg / Sunlight: Linux #rootkit and #malware revealer
linuxthor / Rkspotter: Rootkit spotter - experimental Linux rootkit finder LKM
jollheef / Rootkiticide: 0-ring rootkit revealer for Linux
sandflysecurity / Sandfly File Decloak: Decloak Linux stealth rootkits hiding data with this simple memory mapped IO investigation tool.
bluedragonsecurity / Bds Lkm Ftrace: Ftrace-based Linux Loadable Kernel Module rootkit for Linux kernel 5.x up to Linux kernel 6.2 on x86_64; hides files, hides processes, hides bind shell & reverse shell port, privilege escalation, cleans up logs and bash history during installation