KRIe – Linux Kernel Runtime Integrity With eBPF

KRIe is a research project that aims to detect Linux Kernel exploits with eBPF. KRIe is far from being a bulletproof strategy: from eBPF related limitations to post exploitation detections that might rely on a compromised kernel to emit security events, it is clear that a motivated attacker will eventually be able to bypass it.Read More

Dumpscan – Tool To Extract And Dump Secrets From Kernel And Windows Minidump Formats

Dumpscan is a command-line tool designed to extract and dump secrets from kernel and Windows Minidump formats. Kernel-dump parsing is provided by volatility3. Features x509 Public and Private key (PKCS #8/PKCS #1) parsing SymCrypt parsing Supported structures SYMCRYPT_RSAKEY – Determines if the key structure also has a private key Matching to public certificates found inRead More

Casper-Fs – A Custom Hidden Linux Kernel Module Generator. Each Module Works In The File System To Protect And Hide Secret Files

Casper-fs is a custom Linux Kernel Module generator to work with resources to protect or hide a custom list of files. Each LKM has resources to protect or hide files following a custom list in the YAML rule file. Yes, not even the root has permission to see the files or make actions like editRead More

Skrull – A Malware DRM, That Prevents Automatic Sample Submission By AV/EDR And Signature Scanning From Kernel

Skrull is a malware DRM, that prevents Automatic Sample Submission by AV/EDR and Signature Scanning from Kernel. It generates launchers that can run malware on the victim using the Process Ghosting technique. Also, launchers are totally anti-copy and naturally broken when got submitted. It’s a proof-of-concept of the talk of ROOTCON & HITCON 2021, checkRead More

Speakeasy – Windows Kernel And User Mode Emulation

Speakeasy is a portable, modular, binary emulator designed to emulate Windows kernel and user mode malware. Check out the overview in the first Speakeasy blog post. Instead of attempting to perform dynamic analysis using an entire virtualized operating system, Speakeasy will emulate specific components of Windows. Specifically, by emulating operating system APIs, objects, running processes/threads,Read More

Kconfig-Hardened-Check – A Tool For Checking The Hardening Options In The Linux Kernel Config

Motivation There are plenty of Linux kernel hardening config options. A lot of them are not enabled by the major distros. We have to enable these options ourselves to make our systems more secure. But nobody likes checking configs manually. So let the computers do their job! helps me to check the Linux kernelRead More

Xnuspy – An iOS Kernel Function Hooking Framework For Checkra1N’Able Devices

Output from the kernel log after compiling and running example/open1_hook.c xnuspy is a pongoOS module which installs a new system call, xnuspy_ctl, allowing you to hook kernel functions from userspace. It supports iOS 13.x and 14.x on checkra1n 0.12.2 and up. 4K devices are not supported. Requires libusb: brew install libusb Building Run make inRead More