NzT Linux Rootkit

Status
Closed for further replies.

SeviuM

RAID array
Banned
Registered
05.12.2021
Messages
56
Reactions
1
Please note that this user is banned
= = = = NzT Linux Rootkit
--- NzT is a universal user-mode Linux rootkit that will sustainably hold root persistence across all Linux kernel versions, and will successfully bypass any EDR or rootkit detection software. NzT will also come with a plethora of features capable of stealing important files such as SQL database backups, .git, and other configuration files, and much more. Along with being the first of its kind, NzT implements some API system call hooking that has never been seen before, which makes it such a unique and undetectable rootkit experience.

= = = = C&C / C2 / backdoor methods:
--- ICMP backdoor
- Use a unique magic identifier to open a reverse shell
--- accept() backdoor
- Use a unique magic identifier to open a listening TCP server
--- PAM backdoor
- Direct interactive SSH backdoor with custom hidden port, username, and password

= = = = Internal System Logging:
--- SSH Log
- Log all incoming and outgoing SSH authorizations in plaintext by hooking pam_vprompt, read, and write API calls
--- Execution Log
- Log all normal (including root) user command execution flow

= = = = Hiding Self / Rootkit
--- Hide all files, processes, open ports, and all connections based on unique magic identifier
--- Hide process map files, to prevent direct mapping of process and being able to identify rootkit
--- Hide any file, or directory of choice
--- All rootkit master created directories and files will be kept track of, so no need to manually add or edit anything to keep it hidden!
--- Note: It is possible to forge or fake as any other installed software, service, or similar

= = = = EDR Bypass / Evasion
--- Hooking API calls to hide itself from /proc*/*maps as well as many other system locations
--- Bypassing SELinux and GRSec
--- Bypasses and hides from SentinelOne and other similar software

= = = = File Stealer
--- By scanning and keeping track of a user-made list of interesting files and directories, the rootkit is capable of stealing anything on the fly and uploading it directly to an external server
--- Stuff like SQL databases are stolen automatically by default!

= = = = Pricing
--- Binary with all features + Setup Guide: $500
--- Source Code: $7500

= = = = Contact
--- Telegram: @agnostic

= = = = Images

[ Image: k993gg.jpg ]


[ Image: et33hw.jpg ]
 
How can I be sure that this source code will be sold in 1 hand? Is there any guarantee?
The author has already sold me all the sources, then cleared the Telegram chat and is ignoring me here in PMs; I plan to dump all the archives publicly in the near future
 
The author has already sold me all the sources, then cleared the Telegram chat and is ignoring me here in PMs; I plan to dump all the archives publicly in the near future
https://xss.pro/forums/82/
 
Please note that this user is banned
How can I be sure that this source code will be sold in 1 hand? Is there any guarantee?
I'm only willing to sell one copy of the source code, and that's it. Final
 
Please note that this user is banned
where

Also, I'm getting messages from people offering me this rootkit but claiming it's another. It's all very confusing.
This code is old, it has nothing to do with my new and current project/code.
 