admin/TripleCross

mirror of https://github.com/h3xduck/TripleCross.git synced 2025-12-16 15:23:07 +08:00

Go to file

Juan Tapiador e465d35dba Update README.md

2022-07-01 16:07:31 +02:00

Added multiple small changes to client and code, submitting almost finished chapter 5

2022-06-18 10:57:10 -04:00

Final modification

2022-06-23 15:54:20 -04:00

Cleaned unnecessary files, new gitignore for previous clones

2022-06-25 12:11:04 -04:00

.gitignore

Removed libbpf bootstrap from repo

2022-06-26 12:33:11 -04:00

README.md

Update README.md

2022-07-01 16:07:31 +02:00

README.md

TripleCross

Instructions soon! For now, you can read the paper at docs/ebpf_offensive_rootkit

TripleCross is an eBPF rootkit for Linux featuring the following capabilities:

A library injection module to execute malicious code by writing at a process' virtual memory.
An execution hijacking module that modifies data passed to the kernel to execute malicious programs.
A local privilege escalation module that allows for running malicious programs with root privileges.
A backdoor with C2 capabilities that can monitor the network and execute commands sent from a remote rootkit client. It incorporates multiple activation triggers so that these actions are transmitted stealthy.
A rootkit client that allows an attacker to establish 3 different types of shell-like connections to send commands and actions that control the rootkit state remotely.
A persistence module that ensures the rootkit remains installed maintaining full privileges even after a reboot event.
A stealth module that hides rootkit-related files and directories from the user.