
apriorit / Simple-Antirootkit-SST-Unhooker

Licence: MIT license
This is a demo project that illustrates how to verify and restore the original SST (System Service Table) when malware has hooked it.

Programming Languages

C++
36643 projects - #6 most used programming language
c
50402 projects - #5 most used programming language

Projects that are alternatives of or similar to Simple-Antirootkit-SST-Unhooker

antirootkit-anti-splicer
The project is a demo solution for one of the anti-rootkit techniques aimed at overcoming splicers
Stars: ✭ 31 (+0%)
Mutual labels:  antivirus, sst
Awesome Windows Kernel Security Development
windows kernel security development
Stars: ✭ 1,208 (+3796.77%)
Mutual labels:  rootkit, antivirus
Spacecow
Windows Rootkit written in Python
Stars: ✭ 81 (+161.29%)
Mutual labels:  rootkit
Umbra
A LKM rootkit targeting 4.x and 5.x kernel versions which opens a backdoor that can spawn a reverse shell to a remote host, launch malware and more.
Stars: ✭ 98 (+216.13%)
Mutual labels:  rootkit
Php Backdoor
Your interpreter isn’t safe anymore  —  The PHP module backdoor
Stars: ✭ 211 (+580.65%)
Mutual labels:  rootkit
Www.rootkit.com
www.rootkit.com users section mirror, sql database dump, and a few other files/rootkits.
Stars: ✭ 117 (+277.42%)
Mutual labels:  rootkit
Bdvl
LD_PRELOAD Linux rootkit (x86 & ARM)
Stars: ✭ 232 (+648.39%)
Mutual labels:  rootkit
Shadow Box For Arm
Shadow-Box: Lightweight and Practical Kernel Protector for ARM (Presented at BlackHat Asia 2018)
Stars: ✭ 64 (+106.45%)
Mutual labels:  rootkit
Owlyshield
Owlyshield is an EDR framework designed to safeguard vulnerable applications from potential exploitation (C&C, exfiltration and impact).
Stars: ✭ 281 (+806.45%)
Mutual labels:  antivirus
Hiddenwall
Tool to generate a Linux kernel module for custom rules with Netfilter hooking. (block ports, Hidden mode, functions to protect etc)
Stars: ✭ 187 (+503.23%)
Mutual labels:  rootkit
windows-defender
Malice Windows Defender AntiVirus Plugin
Stars: ✭ 31 (+0%)
Mutual labels:  antivirus
Shadow Box For X86
Shadow-Box: Lightweight and Practical Kernel Protector for x86 (Presented at BlackHat Asia 2017/2018, beVX 2018 and HITBSecConf 2017)
Stars: ✭ 178 (+474.19%)
Mutual labels:  rootkit
Awesome Windows Security Development
awesome-windows-security-development
Stars: ✭ 154 (+396.77%)
Mutual labels:  rootkit
NativePayload CBT
NativePayload_CallBackTechniques C# Codes (Code Execution via Callback Functions Technique, without CreateThread Native API)
Stars: ✭ 109 (+251.61%)
Mutual labels:  antivirus
Awesome Linux Rootkits
a summary of linux rootkits published on GitHub
Stars: ✭ 107 (+245.16%)
Mutual labels:  rootkit
IAT API
Assembly block for finding and calling the windows API functions inside import address table(IAT) of the running PE file.
Stars: ✭ 63 (+103.23%)
Mutual labels:  antivirus
Android Rootkit
A rootkit for Android. Based on "Android platform based linux kernel rootkit" from Phrack Issue 68
Stars: ✭ 167 (+438.71%)
Mutual labels:  rootkit
Openssh Backdoor Kit
💣 just for fun ¯\_(ツ)_/¯
Stars: ✭ 211 (+580.65%)
Mutual labels:  rootkit
rkduck
Linux v4.x.x Rootkit
Stars: ✭ 83 (+167.74%)
Mutual labels:  rootkit
Judge-Jury-and-Executable
A file system forensics analysis scanner and threat hunting tool. Scans file systems at the MFT and OS level and stores data in SQL, SQLite or CSV. Threats and data can be probed harnessing the power and syntax of SQL.
Stars: ✭ 66 (+112.9%)
Mutual labels:  antivirus

Simple antirootkit

About

There are a number of ways for malware to intrude into the system. This project is a simple software solution that helps to remediate one aspect of possible rootkit intrusions: System Service Table (SST) violations performed to hide files, services, or processes. This antirootkit restores the original SST.

Implementation

Rootkit detection is based on comparing the current in-memory SST with the original one stored in the ntoskrnl.exe image on disk. To read the on-disk copy, the driver uses memory-mapped file techniques in kernel mode.

More explanation of how to develop an anti-rootkit, including details and a step-by-step programming tutorial, can be found in the related article.

License

Licensed under the MIT license. © Apriorit.