{"id":19023309,"url":"https://github.com/mandconsultinggroup/ring3-kit","last_synced_at":"2025-04-23T08:42:22.740Z","repository":{"id":60127089,"uuid":"176773852","full_name":"MandConsultingGroup/ring3-kit","owner":"MandConsultingGroup","description":"Hides Process From Task Manager Using NT API Hooking (NtQuerySystemInformation)","archived":false,"fork":false,"pushed_at":"2022-12-28T01:07:59.000Z","size":390,"stargazers_count":76,"open_issues_count":0,"forks_count":19,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-04-17T22:10:29.260Z","etag":null,"topics":["hooks-api","win32api"],"latest_commit_sha":null,"homepage":"","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/MandConsultingGroup.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-03-20T16:25:48.000Z","updated_at":"2025-04-01T15:12:38.000Z","dependencies_parsed_at":"2023-01-31T05:46:04.169Z","dependency_job_id":null,"html_url":"https://github.com/MandConsultingGroup/ring3-kit","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MandConsultingGroup%2Fring3-kit","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MandConsultingGroup%2Fring3-kit/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MandConsultingGroup%2Fring3-kit/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MandConsultingGroup%2Fring3-kit/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/MandConsultingGroup","download_url":"https://codeload.github.com/MandConsultingGroup/ring3-kit/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250400798,"owners_count":21424442,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["hooks-api","win32api"],"created_at":"2024-11-08T20:29:32.728Z","updated_at":"2025-04-23T08:42:22.721Z","avatar_url":"https://github.com/MandConsultingGroup.png","language":"C++","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ring3-kit\nHides Process From Task Manager Using NT Hooking (NtQuerySystemInformation). A simple Ring-3 (user mode) rootkit. \n## How\n- Hook the API function NtQuerySystemInformation() with our own function that hides a process\nfrom task manager\n- Hooked function gets called instead\n- The DLL is injected into Taskmgr.exe so there is a virtual memory space available to execute our hooked code\n\n## Disclaimer\nThe developer, Josh Schiavone is not responsible or liable for the misuse of this simple rootkit. Do not deploy this rootkit in association with legitmate malware programs on machines that you have no authorized access to. May God bless you all. \n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmandconsultinggroup%2Fring3-kit","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmandconsultinggroup%2Fring3-kit","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmandconsultinggroup%2Fring3-kit/lists"}