r77-rootkit
TitanHide
r77-rootkit | TitanHide | |
---|---|---|
1 | 1 | |
1,501 | 1,956 | |
- | - | |
5.6 | 2.5 | |
12 days ago | 4 months ago | |
C | C | |
BSD 2-clause "Simplified" License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
r77-rootkit
-
$sxr-powershell.exe
It could be this rootkit: https://github.com/bytecode77/r77-rootkit
TitanHide
-
How do I debug software that detaches as soon as I attach the debugger
If the poster is using x64dbg, there is another great alternative to ScyllaHide which is SharpOD, get the original files here (chinese website cause chinese author, just use google translate plugin in your browser). Where it really shines through is to remain undetected when ScyllaHide fails to do so, especially when the malware is packed by newer packers like VMProtect 3.5 (very annoying). If that's not enough too, check out TitanHide (risky), also an anti anti debugger but requires disabling PatchGuard beforehand (MUST use virtual machine).
What are some alternatives?
WSAAcceptBackdoor - Winsock accept() Backdoor Implant.
ScyllaHide - Advanced usermode anti-anti-debugger. Forked from https://bitbucket.org/NtQuery/scyllahide
Diamorphine - LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64)
Detect-It-Easy - Program for determining types of files for Windows, Linux and MacOS.
Stuxnet-Source - stuxnet Source & Binaries. (+PLC ROOTKIT) ONLY FOR ACADEMICAL RESEARCH AND EDUCATIONAL PURPOSES! Includes: Source files, Binaries, PLC Samples,Fanny Added in another repo.
ebpfkit - ebpfkit is a rootkit powered by eBPF
opendragon - Open Redragon drivers for Linux. Currently only supporting some mice.
ebpfkit-monitor - ebpfkit-monitor is a tool that detects and protects against eBPF powered rootkits
dokany - User mode file system library for windows with FUSE Wrapper
TripleCross - A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.