Stealthy Linux Kernel Rootkit for modern kernels (6x)

Linux post-exploitation agent that uses io_uring to stealthily bypass EDR detection by avoiding traditional syscalls.

H2HC Magazine

Bubble.io security research: 0day / exploiting elasticsearch implementation / Research by: Lucca & Pedro

「⚔️」Ring 0 Rootkit for Linux Kernels x86/x86_64 5.x/6.x

Lista de eventos tech que acontecem no Brasil

Uma tabela colaborativa e atualizada com eventos de cibersegurança no Brasil e no mundo. Inclui conferências, workshops, CTFs e outros eventos relevantes para a comunidade de segurança.

「☣」Unofficial (recreated) code for kill-floor.exe malware

POC/Demo hiding taint message from /dev/kmsg and dmesg.

「⚠️」Performing a BYOVD on the truesight.sys driver

Git-eXposed is a tool designed to detect and extract sensitive information from exposed Git repositories

Make an Linux Kernel rootkit visible again.

ModTracer Finds Hidden Linux Kernel Rootkits and then make visible again.

A simple LKM that uses ftrace to hook sys_kill

Just another Powerview alternative but on steroids

「🧊」Ring 3 Rootkit for Windows 10

Bypass the Event Trace Windows(ETW) and unhook ntdll.

This is a simple process injection made in C for Linux systems

「💀」Proof of concept on BYOVD attack

NullSection is an Anti-Reversing tool that applies a technique that overwrites the section header with nullbytes.

SQL Injection Vulnerability Scanner made with Python

Demonized Shell is an Advanced Tool for persistence in linux.

「 📁」All files and code that are in the papers will be here

「🔄」A simple code that will load a shellcode directly into RAM memory in a new process

「⚙️」Detect which native Windows API's (NtAPI) are being hooked

「💥」CVE-2022-4944: KodExplorer <= 4.49 - CSRF to Arbitrary File Upload