Abusing the FreeBSD MAC framework for rootkits

LD_PRELOAD rootkit that hooks raw syscalls with zpoline

kubernetes rootkit

A basic Direct Kernel Object Manipulation rootkit that removes a process from the EPROCESS list, hiding it from the Task Manager

Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.

Rootkit for the blue team. Sophisticated and optimized LKM to detect and prevent malicious activity

EW重构计划

"Service-less" driver loading

A Linux kernel rootkit in Rust using a custom made type-2 hypervisor, eBPF XDP and TC programs

Windows rootkit designed to work with BYOVD exploits