io_uring Rootkit Bypasses Linux Security Tools - ARMO
ARMO reveals how io_uring enables rootkits to bypass major Linux security tools like Falco, and Defender. Learn about the Curing rootkit and detection strategies.
The Definitive Guide to Linux Process Injection | Akamai
In this blog post, we document Linux process injection techniques, and explain how to detect and mitigate them.
Hiding in plain sight (part 2) - Abusing the dynamic linker
A stealthy process stomping method compatible with UNIX-like systems with anti-forensic enhancements for Linux.
Notselwyn/CVE-2024-1086: Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 99.4% in KernelCTF images.
Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 9...
Persistence || Backdoor Techniques (Beginner to Advanced) in Linux
Part-1
GitHub - h3xduck/TripleCross: A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.
A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities. - GitHub - h3xduck/TripleCross: A Linux eBPF rootkit with a backdoor, C2, lib...
GitHub - liamg/traitor: Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock
:arrow_up: :skull_and_crossbones: :fire: Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock - GitHub - liamg/traitor: Automatic Linux pr...
GitHub - swisskyrepo/PayloadsAllTheThings: A list of useful payloads and bypass for Web Application Security and Pentest/CTF
A list of useful payloads and bypass for Web Application Security and Pentest/CTF - GitHub - swisskyrepo/PayloadsAllTheThings: A list of useful payloads and bypass for Web Application Security and ...
GTFOBins
GitHub - huntergregal/mimipenguin: A tool to dump the login password from the current linux user
A tool to dump the login password from the current linux user - GitHub - huntergregal/mimipenguin: A tool to dump the login password from the current linux user
GitHub - m0nad/Diamorphine: LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)
LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64) - GitHub - m0nad/Diamorphine: LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)
GitHub - kris-nova/boopkit: Linux eBPF backdoor over TCP. Spawn reverse shells, RCE, on prior privileged access. Less Honkin, More Tonkin.
Linux eBPF backdoor over TCP. Spawn reverse shells, RCE, on prior privileged access. Less Honkin, More Tonkin. - GitHub - kris-nova/boopkit: Linux eBPF backdoor over TCP. Spawn reverse shells, RCE,...
GitHub - arget13/DDexec: A technique to run binaries filelessly and stealthily on Linux using dd to replace the shell with another process.
A technique to run binaries filelessly and stealthily on Linux using dd to replace the shell with another process. - GitHub - arget13/DDexec: A technique to run binaries filelessly and stealthily o...
In-Memory-Only ELF Execution (Without tmpfs)
In which we run a normal ELF binary on Linux without touching the filesystem(except /proc).