# Windows_RootKit

**Repository Path**: baohongyu/Windows_RootKit

## Basic Information

- **Project Name**: Windows_RootKit
- **Description**: cloned as a backup...
- **Primary Language**: Unknown
- **License**: MIT
- **Default Branch**: main
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 0
- **Forks**: 0
- **Created**: 2023-10-03
- **Last Updated**: 2023-12-18

## Categories & Tags

**Categories**: Uncategorized

**Tags**: None

## README

# Windows_RootKit

A Windows kernel-mode rootkit with remote control; intended as post-exploitation persistence on Windows. Uses DKOM and IRP hooks for hiding processes, token manipulation, and hiding TCP network connections by port.

### Features

- [x] Elevate process privileges to NT AUTHORITY\SYSTEM by token manipulation
- [x] Hide process by unlinking from ActiveProcessLinks
- [x] Remote command execution
- [x] A remote keylogger
- [x] Dropper
- [x] TCP connection hiding by port (IRP hooking)