Win_Rootkit

A kernel-mode rootkit with remote control that uses the C++ runtime in its driver.
Uses DKOM and IRP hooks.
Hiding processes, token manipulation, hiding TCP network connections by port...

Hiding TCP network connections:

[Demo image: hiding TCP network connections]

Hiding Processes:

[Demo image: hiding processes]

Process elevation (token manipulation):

[Demo image: process elevation]

Tested on Windows 7 SP 1

Features