Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

TripleCross First Release

Latest
Compare
Choose a tag to compare
Loading
@h3xduckh3xduck released this 03 Jul 10:19
· 14 commits to master since this release

Changelog

eBPF rootkit code base

  • User space rootkit program
  • eBPF programs configurator
  • Libbpf-powered eBPF programs in the kernel

Library injection module

  • Injection of libraries via GOT hijacking
  • Code caver module added using proc filesystem
  • Malicious library added

Execution hijacking module

  • Tampering with sys_execve syscalls
  • Malicious program to inject added

Backdoor and C2

  • New backdoor triggers:
    • Keyword-based
    • Pattern-based
    • Multi-packet
  • TC and XDP programs
  • 3 shells included:
    • Plaintext pseudo-shell
    • Encrypted pseudo-shell
    • Phantom pseudo-shell

Rootkit client

  • Multiple commands and pseudo-shells added for a remote client to connect with the backdoor

Persistence module

  • Added rootkit persistence across reboots via Cron and sudoers

Stealth module

  • Added rootkit files and directories hiding via getdents hijacking
Assets2
Loading
AkbarTrilaksana reacted with thumbs up emoji
1 person reacted
[8]ページ先頭
©2009-2025 Movatter.jp