Win_Rootkit

A kernel-mode rootkit with remote control that utilizes C++ Runtime in it's driver.
Uses DKOM and IRP Hooks.
Hiding Processes, token manipulation , hiding tcp network connections by port...

Hiding TCP network connections:

Hiding Processes:

Process elevation (token manipulation):

Tested on Windows 7 SP 1

Features

Elevate Process privillages to NT AUTHORITY\SYSTEM by token manipulation
Hide process by unlinking from ActiveProcessLinks
Remote command execution
A remote keylogger
Dropper
TCP connection hiding by port (IRP hooking)

Name		Name	Last commit message	Last commit date
Latest commit History 92 Commits
rootkit_client		rootkit_client
rootkit_driver		rootkit_driver
rootkit_dropper		rootkit_dropper
.gitignore		.gitignore
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Win_Rootkit

Hiding TCP network connections:

Hiding Processes:

Process elevation (token manipulation):

Features

About

Releases

Packages

Languages

alal4465/Win_Rootkit

Folders and files

Latest commit

History

Repository files navigation

Win_Rootkit

Hiding TCP network connections:

Hiding Processes:

Process elevation (token manipulation):

Features

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages