Skip to content

arkantolo/latebros

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

89 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

latebros

x64 usermode rootkit. This was a project i made (with help from Daax and JustMagic) while researching usermode rootkits. Project is neither under development nor finished.

Capabilities

  • Hide process from enumeration
  • Hide registry key from enumeration
  • Hide file for modification
  • Protect process from modification
  • Protect file from modification
  • Protect registry key from erasure

Hooks

  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtQueryDirectoryFile
  • ntdll.dll!NtDeleteValueKey
  • ntdll.dll!NtEnumerateValueKey

Thanks to

  • Daax
  • JustMagic

About

x64 usermode rootkit

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • C++ 100.0%