Linux kernel rootkits

  1. 1337kit
    A kernel rootkit for educational purposes that demonstrates various techniques to hide processes, files, and achieve privilege escalation.

  2. Reptile
    A Linux rootkit focusing on hiding itself, backdoor creation, and maintaining persistence while being lightweight and configurable.

  3. KoviD
    A kernel module showcasing malicious techniques like hiding files, processes, and network activities for rootkit-like functionality.

  4. linux-syscall-hook-rootkit
    Demonstrates syscall table hooking to intercept and manipulate system calls for stealth and privilege escalation.

  5. TripleCross
    A Linux eBPF rootkit with a backdoor, C2 channel, library injection, execution hijacking, persistence and stealth capabilities; it runs as eBPF programs rather than as a loadable kernel module.

  6. ebpf_maps_hooking
    A proof of concept demonstrating the use of eBPF maps for hooking and modifying kernel behavior dynamically.

  7. kopycat
    A rootkit leveraging syscall hooking to hide processes, files, and perform privilege escalation for Linux systems.

  8. Diamorphine
    A simple Linux LKM rootkit (kernels 2.6.x through 6.x) that hides files and directories by a magic name prefix, hides or unhides a process on signal 64, makes the module itself invisible on signal 63, and grants root to the calling process on signal 31.

  9. kernel-inline-hook
    A kernel-level inline hooking framework designed for intercepting and modifying function execution flow.

  10. ftrace-hook
    A proof of concept for hooking Linux kernel functions with ftrace (the function tracer's callback mechanism), the same primitive several of the rootkits listed here build on; usable for debugging and monitoring as well as for malicious hooking.

  11. kernel-hook-framework
    A modular framework for implementing kernel hooks to intercept and manipulate Linux kernel functionalities.

  12. Netfilter-Hooks-Simple
    A basic implementation of Netfilter hooks to demonstrate network packet interception and manipulation at the kernel level.

  13. Immutable-file-linux
    A kernel module designed to protect files from being modified or deleted by setting immutable attributes at the kernel level.

  14. enyelkm
    A classic loadable kernel module rootkit from the Linux 2.6 era implementing process and file hiding and a root backdoor.

  16. kprobe_rootkit
    Demonstrates the use of kprobes for implementing rootkit-like functionality such as process hiding and event interception.

  17. LilyOfTheValley
    A kernel rootkit implementing various stealth techniques, including syscall hooking and hidden network communication.

  18. rkduck
    A rootkit demonstrating anti-detection techniques using kernel-level hooks to hide its presence.

  19. liinux
    A Linux rootkit showcasing process hiding, network manipulation, and maintaining stealth for educational purposes.

  20. DragonKing
    A kernel rootkit with advanced hiding capabilities and features for bypassing detection mechanisms.

  21. Rootkits-Playground
    A repository for experimenting with Linux rootkit techniques in a controlled environment for educational purposes.

  22. JynKbeast
    A kernel rootkit focusing on demonstrating syscall hooking and process hiding capabilities.

  23. wukong
    A proof of concept for Linux rootkits focusing on stealth and privilege escalation techniques.

  24. subversive
    A lightweight rootkit with features like hiding files, processes, and privilege escalation using LKM.

  25. Umbra
    An experimental LKM rootkit (not eBPF-based) for 4.x and 5.x kernels that opens a backdoor, spawns a reverse shell on demand, hides itself and provides a privilege-escalation primitive.

  26. kbeast
    KBeast (Kernel Beast), an LKM rootkit for 2.6 kernels that hides its module, files, processes and sockets, resists being killed or removed, and ships a keylogger and a remote backdoor.

  27. Rootkit
    A generic Linux rootkit for educational purposes, showcasing common techniques like hiding and privilege escalation.

  28. SMM-Rootkit
    A proof-of-concept rootkit running in System Management Mode (SMM), which executes below the OS and any hypervisor and is therefore invisible to kernel-level defenses.

  29. swiss_army_rootkit
    A multifunctional rootkit with a wide array of capabilities, including hiding files, processes, and manipulating network traffic.

  30. kprochide
    A rootkit leveraging kernel process hiding techniques to evade detection.

  31. bad-bpf
    A collection of malicious eBPF programs (hiding PIDs from /proc listings, rewriting file contents as they are read, hijacking execve and sudo) that show rootkit-like behaviour without loading a kernel module.

  32. ebpf_exporter
    Cloudflare's Prometheus exporter for custom eBPF metrics; a monitoring tool listed here as an eBPF reference, not a rootkit.

  33. bpf_study
    A collection of examples and experiments with eBPF, including hooks and monitoring applications.

  34. sshd_backdoor
    A malicious proof-of-concept demonstrating a backdoored SSH daemon for maintaining unauthorized access.

  35. randkit
    A random toolkit containing examples and concepts for manipulating and hiding processes in Linux environments.

  36. ebpf-signals
    A project leveraging eBPF for capturing and analyzing signals sent to processes.

  37. the_colonel
    A kernel rootkit designed to hide processes and demonstrate stealth techniques.

  38. Sutekh
    A Linux kernel rootkit showcasing advanced stealth techniques, including file and process hiding.

  39. kfile-over-icmp
    A loadable kernel module that transfers files over ICMP as a covert channel for stealthy communication from a compromised host.

  40. linux_rootkit
    A minimal Linux rootkit for educational purposes that demonstrates basic stealth and privilege escalation techniques.

  41. rootkit
    A demonstration of rootkit techniques focused on hiding files, processes, and achieving persistence.

  42. CoVirt
    A proof of concept for virtualization-based rootkits demonstrating stealth and persistence capabilities.

  43. loonix_syscall_hook
    Demonstrates syscall hooking in Linux to intercept and manipulate system calls for malicious purposes.

  44. hiding-cryptominers-linux-rootkit
    A rootkit designed to hide the presence of cryptominers on a Linux system while maintaining stealth.

  45. linux-rootkits
    A collection of Linux rootkits showcasing various stealth and privilege escalation techniques.

  46. KubeDagger
    An eBPF-based offensive framework for Kubernetes clusters, simulating attacker activity (persistence, stealth and network manipulation) in containerized environments.

  47. EXEC_LKM
    A kernel module for executing arbitrary user-mode commands from the kernel space.

  48. linux-rootkit
    A demonstration rootkit focused on hiding files and processes on Linux systems.

  49. rkptum2013
    A rootkit for educational purposes, showcasing process hiding and privilege escalation techniques.

  50. TheSubZeroProject
    A kernel-level proof of concept demonstrating privilege escalation and stealth techniques.

  51. rooty
    A lightweight rootkit for Linux showcasing hiding and privilege escalation methods.

  52. research-rootkit
    A repository for experimenting with various rootkit techniques on Linux for research purposes.

  53. satan
    A Linux rootkit demonstrating syscall hooking and process hiding techniques.

  54. linux_rkit
    A kernel module for Linux showcasing rootkit functionality such as file and process hiding.

  55. kernel-based-keylogger-for-Linux
    A keylogger operating at the kernel level to capture keystrokes on Linux systems.

  56. superhide
    A rootkit designed to demonstrate process and file hiding capabilities in Linux environments.

  57. conjob
    A tool leveraging eBPF for monitoring cron jobs and system events for security or debugging purposes.

  58. iptable_evil
    A demonstration of malicious manipulation of iptables for stealth and unauthorized network activity.

  59. root-of-all-evil
    A rootkit demonstrating various stealth and manipulation techniques for educational purposes.

  60. lkrg-bypass
    A proof of concept demonstrating methods to bypass Linux Kernel Runtime Guard (LKRG), the out-of-tree integrity checker intended to detect the kernel-code, syscall-table and module-list modifications most of the rootkits above rely on.
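Most of the LKM rootkits above hide processes by filtering what getdents()/getdents64() returns for /proc and hide themselves by unlinking the module from the kernel's module list. A cross-view check compares an interface the rootkit filters with one it usually leaves alone: kill(pid, 0) versus readdir("/proc") for processes, and /sys/module versus /proc/modules for modules. The program below is an added example written for this page, not code from any project listed above. It assumes a Linux host with /proc and /sys mounted, and that the rootkit does not also filter kill() or the sysfs module directory.

```c
/* crossview.c - added example, not code from any project listed above. Two user-space
 * cross-view checks against LKM rootkits that filter directory listings:
 *   1. a pid that kill(pid,0) confirms must also appear in readdir("/proc");
 *   2. a module with /sys/module/<name>/initstate must also appear in /proc/modules.
 * Assumes Linux with /proc and /sys mounted. Build: cc -Wall -o crossview crossview.c */
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#define LISTED(seen, pid) ((seen)[(pid) / 8] & (1u << ((pid) % 8)))

/* "Tgid:" of /proc/<pid>/status text, or -1. Threads answer kill() but are never
 * listed in /proc, so a candidate whose Tgid differs from its pid is not hidden. */
int parse_tgid(const char *status) {
    const char *p = strstr(status, "Tgid:");
    if (!p || (p != status && p[-1] != '\n')) return -1;
    return (int)strtol(p + 5, NULL, 10);
}

/* Does /proc/modules text have a line whose first field is name? */
int module_listed(const char *proc_modules, const char *name) {
    size_t n = strlen(name);
    for (const char *line = proc_modules; line && *line; ) {
        if (strncmp(line, name, n) == 0 && line[n] == ' ') return 1;
        if ((line = strchr(line, '\n')) != NULL) line++;
    }
    return 0;
}

static int read_file(const char *path, char *buf, size_t len) {
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    size_t got = fread(buf, 1, len - 1, f);
    fclose(f);
    buf[got] = '\0';
    return (int)got;
}

/* Bitmap of every numeric entry readdir("/proc") returns; -1 if /proc is missing. */
static int list_proc_pids(unsigned char *seen, int pid_max) {
    DIR *d = opendir("/proc");
    if (!d) return -1;
    memset(seen, 0, (size_t)pid_max / 8 + 1);
    for (struct dirent *e; (e = readdir(d)) != NULL; ) {
        char *end;
        long pid = strtol(e->d_name, &end, 10);
        if (end != e->d_name && *end == '\0' && pid > 0 && pid < pid_max)
            seen[pid / 8] |= (unsigned char)(1u << (pid % 8));
    }
    closedir(d);
    return 0;
}

/* Thread-group leaders that exist but are missing from /proc (up to maxout stored
 * in out). Returns the count, or -1 if /proc is unavailable. */
int find_hidden_pids(int *out, int maxout) {
    char path[64], st[2048];
    int pid_max = 32768;                        /* fallback if the sysctl is unreadable */
    if (read_file("/proc/sys/kernel/pid_max", st, sizeof st) > 0) pid_max = atoi(st);
    unsigned char *seen = calloc((size_t)pid_max / 8 + 1, 1);
    if (!seen || list_proc_pids(seen, pid_max) < 0) { free(seen); return -1; }
    int cand = 0, hidden = 0;
    for (int pid = 1; pid < pid_max && cand < maxout; pid++) {
        if (LISTED(seen, pid) || (kill(pid, 0) != 0 && errno == ESRCH)) continue;
        /* kill() says it exists but readdir did not list it: skip non-leader threads */
        snprintf(path, sizeof path, "/proc/%d/status", pid);
        if (read_file(path, st, sizeof st) > 0 && parse_tgid(st) != pid) continue;
        out[cand++] = pid;
    }
    /* Second pass: re-list and re-probe so tasks created or exited mid-scan drop out */
    if (list_proc_pids(seen, pid_max) == 0)
        for (int i = 0; i < cand; i++)
            if (!LISTED(seen, out[i]) && (kill(out[i], 0) == 0 || errno != ESRCH)) out[hidden++] = out[i];
    free(seen);
    return hidden;
}

/* Modules sysfs knows as loaded (initstate present) but /proc/modules omits; names
 * copied into out. Returns the count, or -1 if either view is unavailable. */
int find_hidden_modules(char out[][64], int maxout) {
    static char mods[1 << 18]; char path[512];
    if (read_file("/proc/modules", mods, sizeof mods) < 0) return -1;
    DIR *d = opendir("/sys/module");
    if (!d) return -1;
    int hidden = 0;
    for (struct dirent *e; (e = readdir(d)) != NULL; ) {
        if (e->d_name[0] == '.') continue;
        snprintf(path, sizeof path, "/sys/module/%s/initstate", e->d_name);
        if (access(path, F_OK) != 0 || module_listed(mods, e->d_name)) continue;
        if (hidden < maxout) { strncpy(out[hidden], e->d_name, 63); out[hidden][63] = '\0'; }
        hidden++;
    }
    closedir(d);
    return hidden;
}

int main(void) {
    int pids[64], np = find_hidden_pids(pids, 64);
    char mods[16][64]; int nm = find_hidden_modules(mods, 16);
    printf("hidden pids: %d, hidden modules: %d\n", np, nm);
    for (int i = 0; i < np && i < 64; i++) printf("  pid %d exists but is not in /proc\n", pids[i]);
    for (int i = 0; i < nm && i < 16; i++) printf("  %s is in /sys/module but not /proc/modules\n", mods[i]);
    return np > 0 || nm > 0;
}
```

The process check is the brute-force idea behind tools such as unhide. Expect false positives on /proc mounted with hidepid= (kill() returns EPERM while the entry is deliberately invisible), so run it as root or check the mount options first. The module check only catches rootkits that unlink themselves from the module list but leave their sysfs kobject in place, as Diamorphine does; a rootkit that also deletes its kobject, or that hooks kill() as well, will pass both checks, so treat a clean result as one signal rather than proof of absence.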