zeromemoryex / chaos-rootkit Goto Github PK

Now You See Me, Now You Don't

C 39.62% C++ 58.79% Makefile 0.05% Batchfile 0.01% Objective-C 0.35% Objective-C++ 1.16% Shell 0.01% GLSL 0.01% GDB 0.01%

driver kernel malware-development rootkit

chaos-rootkit's People

Contributors

Stargazers

Watchers

Forkers

gmh5225 pdolinic askyeye gavz ddawxaf fengjixuchui j88001 lck0 cmjlove1 tobey123 wuxueeee kyuan1088 shonker test1213145 lay0us1 h1d3r hotelzululima comibat cvlabsio oxfemale unclej4ck crackercat msf-ntdll jiajinrong12138 codechina888 huntmeta xkroot windowskernel nanaao classic130 phuong39 mooolight kara-4search b30wulf st-rnd kalikex1 zzhsec tzf-omkey cloutain opensesamedoors 0000000100000000 egebalci jermainlaforce kolufs ahmedsakrr changheluor007 auxiliarya axax002 5l1v3r1 daxiong1949 l34rn kungia09 y11en bb33bb v1rtu0l bypasscc zha0 exiahan fzkiritsugu pwndumb d4rkduck zhouzu psyrun superuser5 a7t0fwa7 trevor3000 xalicex c3pain ellen2015 uakbr shuizhun noorahsmith nuclearatk 393686984 killf8 autoplay1999 bylldgo a1swartz a-new vaginessa levisre freeide gnusec anti-ghosts phylumchordata eamon-cai dvlp-org rewindmtm mushfiqur47 asdlei99 n844aa werwolfz harryeetsource edymorph jabra- ttsite alexanderejdc overphoenix deepwather addict4ever

chaos-rootkit's Issues

hello sir
Would you please answer my two questions?
1- First, I have a question about Falcon Bypass. What is your opinion about falcon bypass?
2- If you have a zero day about it or you can make it, can I have it,? I mean to buy it for my company?

unable to connect to rootkit INVALID_HANDLE_VALUE

2024-03-31.12-56-26.mp4

It has been deleted by Windows defender, is there any way to let Windows defenders, such as confusion?

Could not connect to rootkit.

Subject: Unable to Connect to Rootkit - "INVALID_HANDLE_VALUE" Error

Description:

I've encountered an issue while trying to use the Chaos Rootkit. I followed the steps below:

Downloaded all the necessary rootkit files from the release page, including "Chaos-Rootkit.sys," "imgui.ini," and "ring3-gui.exe."
Launched "ring3-gui.exe."
Clicked on the "Connect to rootkit" button.

However, each time I attempt to connect to the rootkit, I encounter the following error message in the "ring3-gui.exe" console:

INVALID_HANDLE_VALUE

I would appreciate any help or guidance on resolving this issue. Thank you in advance for your assistance!

Best regards,
WilleLX1

BSOD / Console bug

After hiding a process the OS BSODs after some time - already reported by another users.

Also the console version does have a code mistake in it, its using PROTECTION_LEVEL_ANTIMALWARE_LIGHT instead of HIDE_PROC

Mane Grew's Team's team size has changed

You now have 2 members in your team.

https://bardeen.ai

bardeen.ai https://bardeen.ai

Size of Mane Grew's Team changed

Hey Mane Grew, we are writing to inform you that your team size has changed

From 1 to 2

You don't have to take any action, but this might have changed the price of
your subscription.

https://www.facebook.com/bardeenai https://twitter.com/bardeenai
https://www.youtube.com/channel/UCUPnzfAv4f7fajg-7jIVCiQ
https://www.linkedin.com/company/bardeen/ https://www.tiktok.com/@bardeen.ai

Is this malware able to escalate rights locally?

Failed to Open Device

Please take a look

Hide registry

Hi, is it possible to hide registry entry’s as well?
I use a tool named reWASD to map controller buttons for call of duty, but it’s anticheat detect it as hack, wich is not, so I look for rootkit to hide reWASD completely in driver, processes and registry…
Cause cod dont even start if the tool is installed, even if its not running

A blue screen will appear after using it for a period of time

I use the GUI interface program to hide the process, and then it will blue screen after about an hour or two

Is this malware able to escalate rights locally?

needs wdk？

needs wdk? i am a new learner

Help

Hello, I would like to know how do I make it so that when the driver loads automatically it does things for me without needing the usermode interface? for example : look for the process called test.exe elevate to winsystem ppl and then hide it from the task manager ?