Red Team Operator | Threat Intelligence | Security Researcher | Malware Researcher
Singularity. Stealthy Linux Kernel Rootkit for modern kernels (6x)
1.7kD3m0n1z3dShell. Demonized Shell is an Advanced Tool for persistence in linux.
453RingReaper. Linux post-exploitation agent that uses io_uring to stealthily bypass EDR detection by avoiding traditional syscalls.
382Rootkit. Collection of codes focused on Linux rootkits
215Koth-TryHackMe-Tricks. Koth - TryHackMe Tricks
194ElfDoor-gcc. ElfDoor-gcc is an LD_PRELOAD that hijacks gcc to inject malicious code into binaries during linking, without touching the source code.
133ksentinel. Linux kernel integrity monitor for detecting syscall hooking
88ModTracer. ModTracer Finds Hidden Linux Kernel Rootkits and then make visible again.
86detect-lkm-rootkit-cheatsheet. Cheat sheet to detect and remove linux kernel rootkit
82systemd-backdoor. A simple script to automate systemd backdoor
72NullSection. NullSection is an Anti-Reversing tool that applies a technique that overwrites the section header with nullbytes.
66Imperius. Make an Linux Kernel rootkit visible again.
60UnhookingLinuxEdr. Attacking the cleanup_module function of a kernel module
57Exploit-CVE-2025-24799. CVE-2025-24799 Exploit: GLPI - Unauthenticated SQL Injection
33Infector. This is a simple process injection made in C for Linux systems
28koth-protect-king. A script to protect your king in KoTH
18KThreadShell. Persistent Reverse Shell with Kernel Thread Monitoring and Uninterruptible Sleep
12Simple-BufferOverflow. A simple C program to demonstrate a Buffer Overflow.
12RootKits-List-Download. This is the list of all rootkits found so far on github and other sites.
12Simple-PortScanner. A simple port scanner made in python 3.
11Taint. POC/Demo hiding taint message from /dev/kmsg and dmesg.
10KillHook. A simple LKM that uses ftrace to hook sys_kill
9matheuzsecurity.github.io. My blog
7writeup-ctf-meninadecybersec.
6awesome-linux-rootkits. awesome-linux-rootkits
4