Category: Rootkits |
FUTo is the successor of FU. Its accompanying research paper can be found at www.uninformed.org. FUTo currently hides from Blacklight and IceSword as of the initial release. |
Created Size Downloads |
2010-07-19 12:46:57 472.42 KB 310 |
||
Hides files, directories, and processes. |
Created Size Downloads |
2010-07-19 12:46:57 5.4 KB 343 |
||
Winlogonhijack injects a DLL into winlogon.exe and hooks msgina.WlxLoggedOutSAS, logging every login in plaintext. |
Created Size Downloads |
2010-07-19 12:46:57 103.18 KB 321 |
||
The original and first public - has not been updated for many years but is good for ideas. |
Created Size Downloads |
2010-07-19 12:46:57 252.44 KB 301 |
||
A portable Win32 userland rootkit. NtIllusion is a userland rootkit for Windows 2000/XP systems. It uses DLL injection and API entry point rewriting to achieve stealth. This is more of a proof of concept than a true hax0r tool. |
Created Size Downloads |
2010-07-19 12:46:57 336.83 KB 309 |
||
BootRoot is a project presented at Black Hat USA 2005 by researchers Derek Soeder and Ryan Permeh, as an exploration of technology that custom boot sector code can use to subvert the Windows kernel as it loads. |
Created Size Downloads |
2010-07-19 12:46:57 79.37 KB 305 |
||
A cross-architecture Solaris rootkit, developed both to increase understanding of the Solaris OS and to show that it's not just the external threats that a Solaris admin should worry about. |
Created Size Downloads |
2010-07-19 12:46:57 5.51 KB 285 |
||
This is the Russian rootkit, HE4HOOK. This code is very complete. |
Created Size Downloads |
2010-07-19 12:46:57 241.61 KB 327 |
||
IceSword has a Windows Explorer-like interface but displays hidden processes and resources that Windows Explorer would never show. It isn't a "click-here-to-delete-rootkits" product but a sophisticated discovery tool that can protect against sinister rootkits if used before they infect a machine. |
Created Size Downloads |
2010-07-19 12:46:57 2.1 MB 328 |
||
Bootkit basic rootkit. |
Created Size Downloads |
2010-07-19 12:46:57 70.76 KB 299 |
||
This is proof-of-concept code with a reusable function for injecting arbitrary functions into a process and then executing them within the context of that process. This is useful for lots of things, none more obvious than hiding process execution. This code is, however, specific to NT, as it uses functions such as VirtualAllocEx and CreateRemoteThread. |
Created Size Downloads |
2010-07-19 12:46:57 2.93 KB 282 |
||
Logoner is the first AC application. It hooks the winlogon.exe process and captures the user/domain/password combination to the log file winlogon.log in the system directory. |
Created Size Downloads |
2010-07-19 12:46:57 1.75 KB 303 |
||
Vanquish is a DLL-injection-based Romanian rootkit that hides files, folders, and registry entries, and logs passwords. |
Created Size Downloads |
2010-07-19 12:46:57 42.79 KB 297 |
||
The FU rootkit can hide processes, elevate process privileges, fake out the Windows Event Viewer so that forensics is impossible, and even hide device drivers (NEW!). All this without any hooking. |
Created Size Downloads |
2010-07-19 12:46:57 2.54 MB 291 |
||
A telnetd backdoor (only works on NT systems). |
Created Size Downloads |
2010-07-19 12:46:57 293.26 KB 295 |
||
This program patches Windows API to hide certain objects from being listed. FOR WINDOWS NT/2000/XP/2003 ONLY! |
Created Size Downloads |
2010-07-19 12:46:57 263.96 KB 293 |
||
This is the Hacker Defender rootkit for Windows. This is more of a 'blackhat' tool than a training example. It is the most popular and widespread rootkit today. |
Created Size Downloads |
2010-07-19 12:46:57 137.35 KB 337 |
||
Morphine is a very unique application for PE file encryption. Unlike other PE encryptors and compressors, Morphine includes its own PE loader, which enables it to put the whole source image into the .text section of the new PE file. This is very powerful because you can compress the source file with your favourite compressor, like UPX, and then encrypt its output with Morphine. Another powerful thing here is the polymorphic engine, which always creates an absolutely different decryptor for the new PE file. This means that if your favourite trojan horse is detected by an antivirus, you can encrypt it with Morphine. You will not get the virus alert again. |
Created Size Downloads |
2010-07-19 12:46:57 55.78 KB 314 |
||