Hacking

211 bookmarks

Custom sorting

Hooked on Linux: Rootkit Taxonomy, Hooking Techniques and Tradecraft — Elastic Security Labs

In this first part of a two-part series, we explore Linux rootkit taxonomy, trace their evolution from userland shared object hijacking and kernel-space loadable kernel module hooking to modern eBPF- and io_uring-powered techniques.

#linux-malware #linux-rootkit

·elastic.co·Mar 6, 2026

Hooked on Linux: Rootkit Taxonomy, Hooking Techniques and Tradecraft — Elastic Security Labs

GitHub - splintersfury/AutoPiff: Semantic analysis engine for detecting vulnerability fixes in Windows kernel driver patches — 58 YAML rules, Ghidra decompilation, reachability tracing, and scoring

Semantic analysis engine for detecting vulnerability fixes in Windows kernel driver patches — 58 YAML rules, Ghidra decompilation, reachability tracing, and scoring - splintersfury/AutoPiff

#automation #vulnerable-driver

·github.com·Feb 24, 2026

GitHub - splintersfury/AutoPiff: Semantic analysis engine for detecting vulnerability fixes in Windows kernel driver patches — 58 YAML rules, Ghidra decompilation, reachability tracing, and scoring

Indirect System Calls | Crow's Nest

September 12th, 2023

#obfuscation #syscalls

·crow.rip·Jan 21, 2026

Indirect System Calls | Crow's Nest

Redops

#obfuscation

·redops.at·Jan 21, 2026

Redops

x011/smtp-tunnel-proxy: A high-speed covert tunnel that disguises TCP traffic as SMTP email communication to bypass Deep Packet Inspection (DPI) firewalls.

A high-speed covert tunnel that disguises TCP traffic as SMTP email communication to bypass Deep Packet Inspection (DPI) firewalls. - x011/smtp-tunnel-proxy

#smtp #odd-c2

·github.com·Jan 7, 2026

x011/smtp-tunnel-proxy: A high-speed covert tunnel that disguises TCP traffic as SMTP email communication to bypass Deep Packet Inspection (DPI) firewalls.

MatheuZSecurity/Singularity: Stealthy Linux Kernel Rootkit for modern kernels (6x)

Stealthy Linux Kernel Rootkit for modern kernels (6x) - MatheuZSecurity/Singularity

#linux-rootkit #rootkit

·github.com·Jan 5, 2026

MatheuZSecurity/Singularity: Stealthy Linux Kernel Rootkit for modern kernels (6x)

Neo23x0/NoCat: A harmless Netcat-lookalike for detection testing. Simulates NC-style command-line flags and listener behavior without exposing a real backdoor or shell.

A harmless Netcat-lookalike for detection testing. Simulates NC-style command-line flags and listener behavior without exposing a real backdoor or shell. - Neo23x0/NoCat

#threat-emulation

·github.com·Nov 28, 2025

Neo23x0/NoCat: A harmless Netcat-lookalike for detection testing. Simulates NC-style command-line flags and listener behavior without exposing a real backdoor or shell.

OWASP Noir

#scanner #vulnerability-scanner

·owasp-noir.github.io·Nov 25, 2025

OWASP Noir

GitHub - keowu/Ryujin: Ryūjin Protector - Is a Intel Arch - BIN2BIN - PE Obfuscation/Protection/DRM tool

Ryūjin Protector - Is a Intel Arch - BIN2BIN - PE Obfuscation/Protection/DRM tool - keowu/Ryujin

#obfuscation

·github.com·Nov 19, 2025

GitHub - keowu/Ryujin: Ryūjin Protector - Is a Intel Arch - BIN2BIN - PE Obfuscation/Protection/DRM tool

zardus/preeny

Some helpful preload libraries for pwning stuff

·github.com·Nov 7, 2025

zardus/preeny

EDR Redir

·github.com·Nov 7, 2025

EDR Redir

FullHunt 💜 Open-Source: 39,408 Exploits from 0day.today is Back Online

FullHunt is rolloing out the complete 0day.today archive, featuring 39,408 exploits and nearly three decades of vulnerability research.

·fullhunt.io·Sep 29, 2025

FullHunt 💜 Open-Source: 39,408 Exploits from 0day.today is Back Online

The Only JWT Security Guide You Will Ever Need

Unlock secrets of JWT Security with our latest comprehensive security blog, the only one you will ever need! Learn to safeguard your modern systems with JWT Security guide & it's best practices.

#jwt

·darkrelay.com·Sep 27, 2025

The Only JWT Security Guide You Will Ever Need

hackerhouse-opensource/SetupHijack: SetupHijack is a security research tool that exploits race conditions and insecure file handling in Windows applications installer and update processes.

SetupHijack is a security research tool that exploits race conditions and insecure file handling in Windows applications installer and update processes. - hackerhouse-opensource/SetupHijack

#privilege-escalation

·github.com·Sep 25, 2025

hackerhouse-opensource/SetupHijack: SetupHijack is a security research tool that exploits race conditions and insecure file handling in Windows applications installer and update processes.

dis0rder0x00/obex: Obex – Blocking unwanted DLLs in user mode

Obex – Blocking unwanted DLLs in user mode

·github.com·Sep 19, 2025

dis0rder0x00/obex: Obex – Blocking unwanted DLLs in user mode

cc1a2b/JShunter: jshunter is a command-line tool designed for analyzing JavaScript files and extracting endpoints. This tool specializes in identifying sensitive data, such as API endpoints and potential security vulnerabilities, making it an essential resource for and bug bounty hunters and security researchers.

jshunter is a command-line tool designed for analyzing JavaScript files and extracting endpoints. This tool specializes in identifying sensitive data, such as API endpoints and potential security v...

·github.com·Sep 16, 2025

Leveraging Raw Disk Reads to Bypass EDR | by Christopher Ellis | Workday Technology Blog | Sep, 2025 | Medium

Leveraging Raw Disk Reads to Bypass EDR Drivers are a common part of every Windows environment, and many of them provide low-level functionality. This blog details how to connect with a default …

·medium.com·Sep 4, 2025

Leveraging Raw Disk Reads to Bypass EDR | by Christopher Ellis | Workday Technology Blog | Sep, 2025 | Medium

GitHub - 0x4m4/hexstrike-ai: HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly bridge LLMs with real-world offensive security capabilities.

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug b...

·github.com·Sep 3, 2025

fkie-cad/cwe_checker: cwe_checker finds vulnerable patterns in binary executables

cwe_checker finds vulnerable patterns in binary executables - fkie-cad/cwe_checker

#vulnerability #vulnerability-scanner #code-analysis #binary-analysis #binary-exploits

·github.com·Aug 19, 2025

fkie-cad/cwe_checker: cwe_checker finds vulnerable patterns in binary executables

Print3M/DllShimmer: Weaponize DLL hijacking easily. Backdoor any function in any DLL.

Weaponize DLL hijacking easily. Backdoor any function in any DLL. - Print3M/DllShimmer

#dll-hijacking #dll-sideload

·github.com·Aug 19, 2025

Print3M/DllShimmer: Weaponize DLL hijacking easily. Backdoor any function in any DLL.

the tigress c obfuscator

#obfuscation #malware-evasion #malware-dev

·tigress.wtf·Jul 25, 2025

the tigress c obfuscator

Loki: Hardening Code Obfuscation Against Automated Attacks

#malware-evasion #obfuscation

·usenix.org·Jul 24, 2025

Loki: Hardening Code Obfuscation Against Automated Attacks

GitHub - BlackSnufkin/LitterBox: A secure sandbox environment for malware developers and red teamers to test payloads against detection mechanisms before deployment. Integrates with LLM agents via MCP for enhanced analysis capabilities.

A secure sandbox environment for malware developers and red teamers to test payloads against detection mechanisms before deployment. Integrates with LLM agents via MCP for enhanced analysis capabil...

#malware-analysis #malware-dev

·github.com·Jul 23, 2025

ghostsecurity/reaper: 💀 Don't fear the Reaper 👻

💀 Don't fear the Reaper 👻

·github.com·Jul 1, 2025

ghostsecurity/reaper: 💀 Don't fear the Reaper 👻

.NET GAC and NIC hijacking for lateral movement - ...

#lateral-movement #.net

·williamknowles.io·Apr 30, 2025

.NET GAC and NIC hijacking for lateral movement - ...

io_uring Rootkit Bypasses Linux Security Tools - ARMO

ARMO reveals how io_uring enables rootkits to bypass major Linux security tools like Falco, and Defender. Learn about the Curing rootkit and detection strategies.

#linux-hacking #linux-malware #ebpf

·armosec.io·Apr 25, 2025

io_uring Rootkit Bypasses Linux Security Tools - ARMO

lwthiker/curl-impersonate: curl-impersonate: A special build of curl that can impersonate Chrome & Firefox

curl-impersonate: A special build of curl that can impersonate Chrome & Firefox - lwthiker/curl-impersonate

·github.com·Apr 3, 2025

lwthiker/curl-impersonate: curl-impersonate: A special build of curl that can impersonate Chrome & Firefox

FunnyWolf/Viper: A Unified Platform for Adversary Emulation and Red Team Operations

A Unified Platform for Adversary Emulation and Red Team Operations - FunnyWolf/Viper

#threat-emulation

·github.com·Mar 31, 2025

FunnyWolf/Viper: A Unified Platform for Adversary Emulation and Red Team Operations

DosX-dev/Astral-PE: Astral-PE is a low-level mutator (headers obfuscator) for native Windows PE files (x32/x64)

Astral-PE is a low-level mutator (headers obfuscator) for native Windows PE files (x32/x64) - DosX-dev/Astral-PE

#packer #obfuscation

·github.com·Mar 26, 2025

DosX-dev/Astral-PE: Astral-PE is a low-level mutator (headers obfuscator) for native Windows PE files (x32/x64)

wietze/ArgFuscator.net: ArgFuscator.net is an open-source, stand-alone web application that helps generate obfuscated command lines for common system-native executables.

ArgFuscator.net is an open-source, stand-alone web application that helps generate obfuscated command lines for common system-native executables. - wietze/ArgFuscator.net

·github.com·Feb 7, 2025

wietze/ArgFuscator.net: ArgFuscator.net is an open-source, stand-alone web application that helps generate obfuscated command lines for common system-native executables.