https://github.com/0xflux/ferric-fox

A Windows 11 rootkit in Rust

edr edr-evasion rootkit rootkit-kernel rootkit-windows rust-rootkit security-research windows-kernel windows-kernel-exploitation windows-rootkit windows-rootkits

Last synced: 7 months ago

# Ferric Fox

A Windows 11 (24H2) rootkit written in Rust to implement Kernel Mode ETW bypasses.

This project is not designed to be a complete rootkit; it only showcases the elements related to ETW evasion and bypasses. This is done to complement my EDR, [Sanctum](https://github.com/0xflux/Sanctum), for which I am doing my own research to monitor and detect attempts to bypass the ETW mechanism in the kernel via a rootkit (or other methods of kernel mode execution).