{"id":26613567,"url":"https://github.com/0xflux/ferric-fox","last_synced_at":"2025-10-26T01:40:11.528Z","repository":{"id":282701514,"uuid":"949396651","full_name":"0xflux/Ferric-Fox","owner":"0xflux","description":"A windows 11 rootkit in Rust","archived":false,"fork":false,"pushed_at":"2025-03-23T14:23:54.000Z","size":25,"stargazers_count":7,"open_issues_count":0,"forks_count":1,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-04-10T03:37:36.783Z","etag":null,"topics":["edr","edr-evasion","rootkit","rootkit-kernel","rootkit-windows","rust-rootkit","security-research","windows-kernel","windows-kernel-exploitation","windows-rootkit","windows-rootkits"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/0xflux.png","metadata":{"files":{"readme":"Readme.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-03-16T11:18:22.000Z","updated_at":"2025-04-01T20:52:33.000Z","dependencies_parsed_at":"2025-04-10T03:30:06.550Z","dependency_job_id":"3b32ed01-15bb-46db-b4d5-7e46ea589ee6","html_url":"https://github.com/0xflux/Ferric-Fox","commit_stats":null,"previous_names":["0xflux/ferric-fox"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/0xflux/Ferric-Fox","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xflux%2FFerric-Fox","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xflux%2FFerric-Fox/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xflux%2FFerric-Fox/releases","manifests_url":"https://repos.ecosyst
e.ms/api/v1/hosts/GitHub/repositories/0xflux%2FFerric-Fox/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/0xflux","download_url":"https://codeload.github.com/0xflux/Ferric-Fox/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xflux%2FFerric-Fox/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":262407323,"owners_count":23306352,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["edr","edr-evasion","rootkit","rootkit-kernel","rootkit-windows","rust-rootkit","security-research","windows-kernel","windows-kernel-exploitation","windows-rootkit","windows-rootkits"],"created_at":"2025-03-24T04:34:55.892Z","updated_at":"2025-10-26T01:40:11.456Z","avatar_url":"https://github.com/0xflux.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Ferric Fox\n\nA Windows 11 (24H2) rootkit written in Rust to implement Kernel Mode ETW bypasses. \n\nThis project is not designed to be a complete rootkit, just showcasing the elements related to ETW evasion and bypasses. 
This complements my EDR, [Sanctum](https://github.com/0xflux/Sanctum), for which\nI am researching how to monitor and detect attempts to bypass the ETW mechanism in the kernel via a rootkit (or other methods\nof kernel-mode execution).","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F0xflux%2Fferric-fox","html_url":"https://awesome.ecosyste.ms/projects/github.com%2F0xflux%2Fferric-fox","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F0xflux%2Fferric-fox/lists"}