fsfilter-rs
Nidhogg
| | fsfilter-rs | Nidhogg |
|---|---|---|
| Mentions | 2 | 9 |
| Stars | 33 | 1,601 |
| Growth | - | - |
| Activity | 3.0 | 8.1 |
| Last commit | about 1 year ago | 21 days ago |
| Language | C++ | C++ |
| License | MIT License | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
fsfilter-rs
-
winhook-rs: Windows API Hooking in Rust
Also see: Experimental: A rust library to monitor filesystem 🪛 and more in windows
-
Linux Security — LSM (Linux Security Modules)
I have a beginner-level question; is ETW as fast and as informative as using your own minifilter? I am trying to make a system monitor clone and would like it to be fast AF.
Nidhogg
-
Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.
This is not an exploit nor an example of how to write a driver, and I didn't write anywhere about an exploit or how to write a driver. If you are looking for these kinds of resources, feel free to check out my driver programming blog series "Lord of the Ring0" (and a talk that will be released soon! :) ): https://idov31.github.io/2022/07/14/lord-of-the-ring0-p1.html
- Release Version 0.4 Release - Nidhogg - The goal of Nidhogg is to provide an all-in-one and easy-to-use rootkit with multiple helpful functionalities for red team engagements that can be integrated with your C2 framework via a single header file - this version introduced various new capabilities
- Nidhogg: Nidhogg is an all-in-one simple to use rootkit for red teams.
-
Lord Of The Ring0 (Part 2) - Lessons Learned Developing the Nidhogg Rootkit
Part 1
- Nidhogg: Nidhogg is an all-in-one simple to use rootkit for red teams. Nidhogg can work on any version of Windows 10 and Windows 11.
- Nidhogg: Nidhogg is an all-in-one simple to use rootkit for red teams. Nidhogg can work on any version of Windows 10 and Windows 11. - in reality this is a userland implant
- Nidhogg rootkit - An all in one rootkit for all windows 10 versions and windows 11 that can be managed with single hpp file
What are some alternatives?
winfsp - Windows File System Proxy - FUSE for Windows [Moved to: https://github.com/winfsp/winfsp]
Cronos-Rootkit - Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes, protect and elevate them with token manipulation.
poc-windows-rust-filter - Windows Minifilter Driver in pure Rust
PowerShell-Red-Team - Collection of PowerShell functions a Red Teamer may use in an engagement
WinXSearch - a better context menu search
Sandman - Sandman is a NTP based backdoor for red team engagements in hardened networks.
winhook-rs - Windows API Hooking in Rust
Inline-Execute-PE - Execute unmanaged Windows executables in CobaltStrike Beacons
evil-mhyprot-cli - A PoC for the Mhyprot2.sys vulnerable driver that allows reading/writing memory in kernel/user space from an unprivileged user process.
boom-os - This is an x64 OS barely at development stages with hobbyist goals
GarHal_CSGO - A project that demonstrates how to screw with CSGO from Kernel Space. (CSGO Kernel Cheat/Hack) All cleaned up, and with updated offsets.
CVE-2020-15368 - CVE-2020-15368, aka "How to exploit a vulnerable driver"