Hiding kernel-driver for x86/x64.

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64)

🇺🇦 Windows driver with usermode interface which can hide processes, file-system and registry objects, protect processes and etc

A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.

Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.

Linux LD_PRELOAD rootkit (x86 and x86_64 architectures)

Linux rootkit for Ubuntu 16.04 and 10.04 (Linux Kernels 4.4.0 and 2.6.32), both i386 and amd64

ebpfkit is a rootkit powered by eBPF

PCI Express DIY hacking toolkit for Xilinx SP605. This repository is also home of Hyper-V Backdoor and Boot Backdoor, check readme for links and info

A basic Direct Kernel Object Manipulation rootkit that removes a process from the EPROCESS list, hiding it from the Task Manager

Hypervisor Memory Introspection Core Library

Kernel rootkit, that lives inside the Windows registry values data

Linux kernel rootkit

A rootkit for Android. Based on "Android platform based linux kernel rootkit" from Phrack Issue 68

Your interpreter isn’t safe anymore  —  The PHP module backdoor

LD_PRELOAD Rootkit

Shadow-Box: Lightweight and Practical Kernel Protector for x86 (Presented at BlackHat Asia 2017/2018, beVX 2018 and HITBSecConf 2017)

A LKM rootkit for most newer kernel versions.

It's a kernel-based keylogger for Windows x86/x64.

ebpfkit-monitor is a tool that detects and protects against eBPF powered rootkits