TripleCross
Rootkit
A Linux rootkit demonstrating the offensive capabilities of eBPF technology using various techniques such as backdoors, C2 channels and code injection.
A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.
2k stars
39 watching
221 forks
Language: C
last commit: 8 months ago
Linked from 3 awesome lists
backdoorebpfkernellibbpfrootkitsecurity
zoidyzoidzoid/awesome-ebpf
uhub/awesome-c
karneades/awesome-malware-persistenceRelated projects:
| Repository | Description | Stars |
|---|---|---|
 gui774ume/ebpfkit | A rootkit powered by eBPF designed to demonstrate offensive security techniques and bypass kernel protections. | 761 |
 eterna1/puszek-rootkit | A Linux rootkit that hooks the system call table to hide files and processes. | 156 |
 eversinc33/banshee | A Windows kernel rootkit with anti-rootkit evasion features and keylogging capabilities. | 493 |
 mempodippy/vlany | A Linux rootkit designed to evade detection and maintain persistence on compromised systems | 944 |
 d4stiny/spectre | A proof-of-concept Windows kernel-mode rootkit designed to demonstrate legitimate communication channel exploitation for remote control. | 685 |
| gui774ume/ebpfkit-monitor | A tool designed to detect and protect against certain types of malicious eBPF bytecode | 123 |
 m0nad/diamorphine | A Linux kernel module designed to create a stealthy backdoor and hide processes or users from system administrators. | 1,840 |
 pathtofile/bad-bpf | Demonstrates security vulnerabilities in the Linux kernel's eBPF system | 549 |
 eunomia-bpf/eunomia-bpf | A toolchain to simplify building and running eBPF programs with CO-RE and WebAssembly support | 681 |
 d3ckx1/ola | A CS backdoor penetration module plugin that bundles various tools and features into a single package for convenience | 626 |
 yaoyumeng/adore-ng | A Linux rootkit adapted for 2.6 and 3.x kernel versions | 205 |
 squiffy/masochist | A framework for creating XNU-based rootkits with capabilities such as process manipulation and system call hijacking. | 124 |
 0xsobky/hackvault | A container repository for storing and sharing public web hacking techniques and tools. | 1,946 |
 p0cl4bs/wifipumpkin3 | A Python-based framework for conducting man-in-the-middle attacks and rogue access point exploits on wireless networks. | 1,982 |
 1n3/intruderpayloads | A collection of tools and methodologies for simulating web application attacks | 3,681 |