Stealthy open-source Linux rootkit
by netexec - Friday January 23, 2026 at 10:36 AM
#1
One of the best rootkits currently, hides very well for strong persistence.

Quote: Singularity is a sophisticated rootkit that operates at the kernel level, providing:
  • Process Hiding: Make any process completely invisible to the system
  • File & Directory Hiding: Conceal files using pattern matching
  • Network Stealth: Hide TCP/UDP connections, ports, and conntrack entries
  • Privilege Escalation: Signal-based instant root access
  • Log Sanitization: Filter kernel logs and system journals in real-time
  • Self-Hiding: Remove itself from module lists and system monitoring
  • Remote Access: ICMP-triggered reverse shell with automatic hiding
  • Anti-Detection: Evade eBPF-based runtime security tools (Falco, Tracee), bypass Linux Kernel Runtime Guard (LKRG), and prevent io_uring bypass attempts
  • Audit Evasion: Drop audit messages for hidden processes at netlink level with statistics tracking and socket inode filtering
  • Memory Forensics Evasion: Filter /proc/kcore, /proc/kallsyms, /proc/vmallocinfo
  • Cgroup Filtering: Filter hidden PIDs from cgroup.procs
  • Syslog Evasion: Hook do_syslog to filter klogctl() kernel ring buffer access
  • Debugfs Evasion: Filter output of tools like debugfs that read raw block devices
  • Conntrack Filtering: Hide connections from /proc/net/nf_conntrack and netlink SOCK_DIAG/NETFILTER queries
  • SELinux Evasion: Automatic SELinux enforcing mode bypass on ICMP trigger
  • LKRG Bypass: Evade Linux Kernel Runtime Guard detection mechanisms
  • eBPF Security Bypass: Hide processes from eBPF-based runtime security tools (Falco, Tracee)

https://github.com/MatheuZSecurity/Singularity

#2
(Jan 23, 2026, 10:36 AM) netexec Wrote: One of the best rootkits currently, hides very well for strong persistence.

Thanks
