Skip to content
/ UserlandRootkit Public

CLI to hide processes from ProcessHacker and keys from Regedit

License

GPL-3.0 license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

nihalkenkre/UserlandRootkit

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
dropper
dropper
 
 
implant/x64
implant/x64
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Userland Rootkit

A command line tool to hide process and registry keys from windows tools.

The dropper module is the CLI and the implant is the sexe file that is implanted into the target application.

The target applications are Process Hacker and Regedit to hide processes and keys respectively.

Rootkit

Enter the rootkit

C:\> dropper.exe \ dropper.py

Exit the rootkit

Rootkit> exit

Implant

Insert the implant into the target application (ProcessHacker)

Rootkit> insert implant ph

Remove the implant from the target application (ProcessHacker)

Rootkit> remove implant ph

Processes

Hide a process from the ProcessHacker view

Rootkit> hide process malware.exe

Unhide a process from the ProcessHacker view

Rootkit> show process malware.exe

Keys

TODO

This functionality is not yet implemented.

About

CLI to hide processes from ProcessHacker and keys from Regedit

Resources

Readme

License

GPL-3.0 license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages