A kernel-mode rootkit with remote control
nathe97/Win_Rootkit
Win_Rootkit

A kernel-mode rootkit with remote control that uses the C++ runtime in its driver.
Uses DKOM and IRP hooks.
Hides processes, manipulates tokens, and hides TCP network connections by port.

Hiding TCP network connections: (demo animation)

Hiding processes: (demo screenshot)

Process elevation (token manipulation): (demo screenshot)

Tested on Windows 7 SP1

Features

  • Elevate process privileges to NT AUTHORITY\SYSTEM by token manipulation
  • Hide process by unlinking from ActiveProcessLinks
  • Remote command execution
  • A remote keylogger
  • Dropper
  • TCP connection hiding by port (IRP hooking)
