rootkit - Linux rootkit for Ubuntu 16

  •    C

A simple Linux kernel rootkit written for fun, not evil. The rootkit was tested to work on Linux kernels 2.6.32-38 and 4.4.0-22 as provided by Ubuntu in Ubuntu 10.04.4 LTS and Ubuntu 16.04 LTS respectively, but it should be very easy to port to kernels in-between, as well as newer ones.

HiddenWall - Tool to generate a Linux kernel module for custom rules with Netfilter hooking. (block ports, Hidden mode, rootkit functions etc)

  •    C

HiddenWall is a Linux kernel module generator for custom rules with netfilter (block ports, hidden mode, rootkit functions, etc.). The motivation: in a bad situation, an attacker can take down your iptables/ufw rules, but if you have HiddenWall, the attacker will not find the hidden kernel module that blocks external access, because it hooks netfilter in kernel land (think of it as a second layer of firewall).

s6_pcie_microblaze - PCI Express DIY hacking toolkit for Xilinx SP605

  •    C

This repository contains a set of tools and proof of concepts related to PCI-E bus and DMA attacks. It includes an HDL design which implements a software-controllable PCI-E gen 1.1 endpoint device for the Xilinx SP605 Evaluation Kit with a Spartan-6 FPGA. In comparison with the popular USB3380EVB, this design allows operating with raw Transaction Level Packets (TLP) of the PCI-E bus and performing full 64-bit memory read/write operations. It's an early version of my first more or less complicated FPGA project, so the speed is quite slow (around 1-2 Mb/s), but in upcoming releases it will be significantly increased by connecting the PCI-E endpoint to a MicroBlaze soft processor with an AXI DMA engine. However, even such low speed is more than enough for a reliable implementation of various practical attacks over the PCI-E bus: to demonstrate applied use cases of the design, there's a tool for pre-boot DMA attacks on UEFI-based machines which allows executing arbitrary UEFI DXE drivers during platform init. Another example shows how to use pre-boot DMA attacks to inject a Hyper-V VM exit handler backdoor into virtualization-based-security-enabled Windows 10 Enterprise running on a UEFI Secure Boot enabled platform. The provided Hyper-V backdoor PoC might be useful for reverse engineering and exploit development purposes: it provides an interface for inspecting hypervisor state (VMCS, physical/virtual memory, registers, etc.) from the guest partition and performing guest-to-host VM escape attacks.

s6_pcie_microblaze.xise - Xilinx ISE project file.

awesome-linux-rootkits - awesome-linux-rootkits

BEURK is a userland preload rootkit for GNU/Linux, heavily focused on anti-debugging and anti-detection.

enyelkm - LKM rootkit for Linux x86 with the 2.6 kernel

  •    C

LKM rootkit for Linux x86 with the 2.6 kernel. It inserts jumps inside system_call and sysenter_entry. EnyeLKM hides files, directories and processes by inserting jumps to trampoline functions in both the system_call() and sys_enter() entry points in the kernel. All user space applications (read(), write(), etc.) invoke kernel space functionality (system calls) through one of these two functions.

lsrootkit - Rootkit Detector for UNIX

  •    C

Warning!!: the code is bullshit (it is only a beta prototype). Very important: if the lsrootkit process crashes, you may have a rootkit in the system that has bugs of its own (memory leaks, etc.).

shadow-box-for-arm - Shadow-Box: Lightweight and Practical Kernel Protector for ARM (Presented at BlackHat Asia 2018)

  •    C

Shadow-box v2 (for ARM) is the next generation of Shadow-box v1 (for x86). If you want to know about Shadow-box for x86, please visit the Shadow-box for x86 project. Shadow-box for ARM is an ARM TrustZone-based, practical kernel protector, and it was introduced at the security conferences listed below.

shadow-box-for-x86 - Shadow-Box: Lightweight and Practical Kernel Protector for x86 (Presented at BlackHat Asia 2017/2018, beVX 2018 and HITBSecConf 2017)

  •    C

Shadow-box v2 (for ARM) is the next generation of Shadow-box v1 (for x86). If you want to know about Shadow-box for ARM, please visit the Shadow-box for ARM project. Shadow-box is a lightweight and practical kernel protector, and it was introduced at the security conferences listed below.