TripleCross
Rootkit
A Linux rootkit demonstrating the offensive capabilities of eBPF technology using various techniques such as backdoors, C2 channels and code injection.
A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.
2k stars
39 watching
222 forks
Language: C
last commit: 10 months ago
Linked from 3 awesome lists
backdoorebpfkernellibbpfrootkitsecurity
zoidyzoidzoid/awesome-ebpf
uhub/awesome-c
karneades/awesome-malware-persistenceRelated projects:
| Repository | Description | Stars |
|---|---|---|
 gui774ume/ebpfkit | A rootkit powered by eBPF designed to demonstrate offensive security techniques and bypass kernel protections. | 766 |
 eterna1/puszek-rootkit | A Linux rootkit that hooks the system call table to hide files and processes. | 157 |
 eversinc33/banshee | A Windows kernel rootkit with anti-rootkit evasion features and keylogging capabilities. | 502 |
 mempodippy/vlany | A Linux rootkit designed to evade detection and maintain persistence on compromised systems | 947 |
 d4stiny/spectre | A proof-of-concept Windows kernel-mode rootkit designed to demonstrate legitimate communication channel exploitation for remote control. | 685 |
| gui774ume/ebpfkit-monitor | A tool designed to detect and protect against certain types of malicious eBPF bytecode | 125 |
 m0nad/diamorphine | A Linux kernel module designed to create a stealthy backdoor and hide processes or users from system administrators. | 1,865 |
 pathtofile/bad-bpf | Demonstrates security vulnerabilities in the Linux kernel's eBPF system | 556 |
 eunomia-bpf/eunomia-bpf | A toolchain to simplify building and running eBPF programs with CO-RE and WebAssembly support | 687 |
 d3ckx1/ola | A CS backdoor penetration module plugin that bundles various tools and features into a single package for convenience | 628 |
 yaoyumeng/adore-ng | A Linux rootkit adapted for 2.6 and 3.x kernel versions | 206 |
 squiffy/masochist | A framework for creating XNU-based rootkits with capabilities such as process manipulation and system call hijacking. | 124 |
 0xsobky/hackvault | A container repository for storing and sharing public web hacking techniques and tools. | 1,953 |
 p0cl4bs/wifipumpkin3 | A Python-based framework for conducting man-in-the-middle attacks and rogue access point exploits on wireless networks. | 2,016 |
 1n3/intruderpayloads | A collection of tools and methodologies for identifying vulnerabilities in web applications | 3,698 |