Search the Community

Ring 3 rootkit r77 is a ring 3 Rootkit that hides the following entities from all processes: Files, directories, named pipes, scheduled tasks Processes CPU usage Registry keys & values TCP & UDP connections It is compatible with Windows 7 and Windows 10 in both x64 and x86 editions. [hide][Hidden Content]]

StayKit is an extension for Cobalt Strike persistence by leveraging the execute_assembly function with the SharpStay .NET assembly. The aggressor script handles payload creation by reading the template files for a specific execution type. IMPORTANT: To use the script a user will only need to load the StayKit.cna aggressor script. Additionally, the SharpStay assembly will need to be compiled and placed into the directory where StayKit.cna is located. Finally, if selecting a template for the payload some may require dynamic compiling which will uses Mono. The persistence menu will be added to the beacon. Due to the nature of how each technique is different there is only a GUI menu and no beacon commands. [Hidden Content] [Hidden Content]

Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc. Ring 3 rootkit r77 is a ring 3 Rootkit that hides following entities from all processes: Files, directories, junctions, named pipes, scheduled tasks Processes CPU usage Registry keys & values Services TCP & UDP connections It is compatible with Windows 7 and Windows 10 in both x64 and x86 editions. [hide][Hidden Content]]

This Metasploit module uploads a payload and declares that it is the debug process to launch when a specified process exits. View the full article

This Metasploit module will run a payload when the package manager is used. No handler is run automatically so you must configure an appropriate exploit/multi/handler to connect. Module modifies a yum plugin to launch a binary of choice. grep -F 'enabled=1' /etc/yum/pluginconf.d/ will show what plugins are currently enabled on the system. View the full article

This Metasploit module creates a pre-invoke hook for APT in apt.conf.d. The hook name syntax is numeric followed by text. View the full article

This Metasploit module will create an autostart entry to execute a payload. The payload will be executed when the users logs in. View the full article

This Metasploit module will edit /etc/rc.local in order to persist a payload. The payload will be executed on the next reboot. View the full article

Full credit to original cracker (kalipo) Its another hf product....just posting for anyone who wishes to use it SALES THREAD: Mirror: [HIDE][Hidden Content]]