Introduction
Welcome to the EpiRootkit project, an educational kernel-level rootkit developed as part of the curriculum at EPITA. The rootkit runs inside the kernel and exposes a hybrid command and control (C2) channel that combines a classic TCP connection with a stealthier DNS-based channel. The team members are Thibault Colcomb, Oleg Krajic, and Evann Marrel.
Features
- TCP and/or DNS channel communication
- Remote command execution
- Reverse shell
- Hide directories and files (configurable at runtime)
- Block access to directories or files (configurable at runtime)
- Modify the displayed contents of targeted files (configurable at runtime)
- Hide the module from the loaded modules list
- AES encryption of communications (TCP and DNS)
- Remote authentication
- Remote control web interface
- Hide network ports
- Keylogger
- Persistence across reboots
- ASCII art
- File upload and download
- Virtual environment detection
- Remote file explorer
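The DNS channel listed above has to fit a command inside a query name, which is not free-form text: each label is at most 63 bytes, the whole name at most 253 bytes, and resolvers may fold letter case. The following userland C program is an added example of that framing, not EpiRootkit code; the zone `c2.example` and the payloads are constructed for the demonstration, and the base32 alphabet is chosen precisely because it survives case folding. It shows one implementation of the general chunking problem, not the project's own wire format.

```c
/* Added example, not part of EpiRootkit: carrying a C2 message in a DNS query
 * name.  Payload -> base32 (case-insensitive) -> labels of <= 63 bytes under
 * a zone the operator controls, and the reverse.  "c2.example" is a
 * constructed zone for the demonstration.  Userland C only. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LABEL_MAX 63   /* RFC 1035 label limit */
#define NAME_MAX  253  /* RFC 1035 name limit, presentation form */

static const char B32[] = "abcdefghijklmnopqrstuvwxyz234567";

/* RFC 4648 base32 without padding; returns chars written, 0 if out is too small. */
static size_t b32_encode(const uint8_t *in, size_t n, char *out, size_t outsz)
{
    size_t o = 0; uint32_t buf = 0; int bits = 0;
    for (size_t i = 0; i < n; i++) {
        buf = (buf << 8) | in[i];
        bits += 8;
        while (bits >= 5) {
            if (o >= outsz) return 0;
            out[o++] = B32[(buf >> (bits - 5)) & 31];
            bits -= 5;
            buf &= (1u << bits) - 1;      /* keep only the unconsumed bits */
        }
    }
    if (bits > 0) {                       /* last partial group, zero padded */
        if (o >= outsz) return 0;
        out[o++] = B32[(buf << (5 - bits)) & 31];
    }
    return o;
}

static int b32_val(char c)
{
    if (c >= 'a' && c <= 'z') return c - 'a';
    if (c >= 'A' && c <= 'Z') return c - 'A';   /* resolvers may upper-case */
    if (c >= '2' && c <= '7') return c - '2' + 26;
    return -1;
}

/* Inverse of b32_encode; trailing padding bits are dropped. 0 on bad input. */
static size_t b32_decode(const char *in, size_t n, uint8_t *out, size_t outsz)
{
    size_t o = 0; uint32_t buf = 0; int bits = 0;
    for (size_t i = 0; i < n; i++) {
        int v = b32_val(in[i]);
        if (v < 0) return 0;
        buf = (buf << 5) | (uint32_t)v;
        bits += 5;
        if (bits >= 8) {
            if (o >= outsz) return 0;
            out[o++] = (uint8_t)(buf >> (bits - 8));
            bits -= 8;
            buf &= (1u << bits) - 1;
        }
    }
    return o;
}

/* Build "<label>.<label>....<zone>"; returns name length, 0 if it cannot fit. */
static size_t dns_encode(const uint8_t *payload, size_t n, const char *zone,
                         char *name, size_t namesz)
{
    char enc[NAME_MAX + 1];
    size_t e = b32_encode(payload, n, enc, sizeof enc), o = 0, zl = strlen(zone);
    if (e == 0) return 0;
    for (size_t i = 0; i < e; i++) {
        if (i > 0 && i % LABEL_MAX == 0) {
            if (o + 1 >= namesz) return 0;
            name[o++] = '.';              /* start a new label */
        }
        if (o + 1 >= namesz) return 0;
        name[o++] = enc[i];
    }
    if (o + 1 + zl > NAME_MAX || o + 1 + zl >= namesz) return 0;
    name[o++] = '.';
    memcpy(name + o, zone, zl);
    o += zl;
    name[o] = '\0';
    return o;
}

/* Strip the zone, drop label dots, decode; returns bytes recovered, 0 on error. */
static size_t dns_decode(const char *name, const char *zone,
                         uint8_t *out, size_t outsz)
{
    size_t nl = strlen(name), zl = strlen(zone), e = 0;
    char enc[NAME_MAX + 1];
    if (nl > NAME_MAX || nl < zl + 2 || name[nl - zl - 1] != '.' ||
        strcmp(name + nl - zl, zone) != 0)
        return 0;                         /* not a query for our zone */
    for (size_t i = 0; i < nl - zl - 1; i++)
        if (name[i] != '.') enc[e++] = name[i];
    return b32_decode(enc, e, out, outsz);
}

int main(void)
{
    const uint8_t cmd[] = "id";           /* constructed command */
    char name[NAME_MAX + 1]; uint8_t back[64];
    size_t nl = dns_encode(cmd, sizeof cmd - 1, "c2.example", name, sizeof name);
    size_t bl = dns_decode(name, "c2.example", back, sizeof back);
    printf("query name: %s (%zu bytes)\n", name, nl);
    printf("recovered %zu bytes: %.*s\n", bl, (int)bl, back);
    return 0;
}
```

A 100-byte message becomes a 173-byte name spread over three labels, while a 150-byte message no longer fits in a single query and `dns_encode` refuses it, which is why a real DNS channel also needs sequencing across several queries. On the detection side, the same limits cut the other way: long, high-entropy, multi-label names under one zone are exactly what DNS tunnelling detectors flag.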
Organization
This documentation was generated with Doxygen and is organized into the sections listed below. Anything not mentioned here belongs to the automatically generated source code documentation.
- **Overview** - General introduction to the documentation.
- **Architecture** - Git repository structure.
- **Setup** - Virtualization configuration and project setup.
- **Usage** - Available commands, web interface operation.
- **Environment** - Communication setup between machines and OS information.
- **Details** - Technical information about the implementation of each rootkit feature.