redrockstyle/rk25

RK25 Rootkit

Windows kernel-level rootkit adapting to multiple OS versions

Project Overview

RK25 is a kernel-mode rootkit driver designed to dynamically adapt to various Windows versions through syscall table hooking and memory management techniques. Built as a WDM driver, it provides stealth capabilities while maintaining compatibility across major Windows updates.


Architecture

graph TD;
    A[RK25 Core] o--o B[Hooking]
    A o--o E[Command Dispatcher]
    A o--o F[Kernel Searcher]
    A o--o G[OS Version Switcher]
    E-->H[IOCTL]
    B-->C[Syscall Hooking]
    B-->D[Network Hooking]
    
    K[EntryPoint]-->|init|F

Key Features

  • Automatic OS Version Detection
  • Process hiding
  • Process privilege escalation
  • Network connection hiding
  • ... and something in development :D

Dev Requirements

  • WDK/SDK
  • Visual Studio (driver)
  • Golang (manager)
  • WinDBG
  • Windows VM (VMware etc.)

📄 License

MIT License - see LICENSE for details
