Stars
KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes, BloodHound, NTDS and DCSync).
A Swiss Army knife for offensive security with its own blades.
An LKM rootkit targeting Linux 2.6/3.x on x86(_64), and ARM
Android Loadable Kernel Modules - mostly used for reversing and debugging on controlled systems/emulators
Rust out-of-tree Linux Kernel Modules (LKMs) experimentation framework
LibZeroEvil & the Research Rootkit project.
This is the list of all rootkits found so far on github and other sites.
The Linux Kernel Module Programming Guide (updated for 5.0+ kernels)
Linux Kernel Defence Map shows the relationships between vulnerability classes, exploitation techniques, bug detection mechanisms, and defence technologies
eBPF implementation that runs on top of Windows
Learning eBPF, published by O'Reilly - out now! Here's where you'll find a VM config for the examples, and more
eBPF Developer Tutorial: Learning eBPF Step by Step with Examples
A curated list of awesome projects related to eBPF.
CVE-2025-24799 Exploit: GLPI - Unauthenticated SQL Injection
ElfDoor-gcc is an LD_PRELOAD that hijacks gcc to inject malicious code into binaries during linking, without touching the source code.
「⚔️」Ring 0 Rootkit for Linux Kernels x86/x86_64 5.x/6.x
Attacking the cleanup_module function of a kernel module
kernel callback removal (Bypassing EDR Detections)
CVE-2025-24071: NTLM Hash Leak via RAR/ZIP Extraction and .library-ms File
🕵️♂️ Pretty Bspwm Environment Setup in Kali Linux
Indicators Of Presence for linux EDRs, AVs and Monitoring Tools