invokethreatguy / Nidhogg

Nidhogg is an all-in-one simple to use rootkit for red teams.

Nidhogg

Nidhogg is a multi-functional rootkit for red teams. The goal of Nidhogg is to provide an all-in-one, easy-to-use rootkit with multiple helpful functionalities for red team engagements. It can be integrated with your own C2 framework via a single header file with a simple usage; you can see an example here.

Nidhogg can work on any version of Windows 10 and Windows 11.

This repository contains a kernel driver and a C++ header used to communicate with it.

NOTE: This project is currently in beta; more features will be released in the coming weeks.

Current Features

  • Process hiding
  • Process elevation
  • Anti process kill
  • Anti process dumping
  • Bypass pe-sieve
  • Anti file deletion
  • Anti file overwriting

Basic Usage

Usage is very simple: just include the header and get started!

#include "Nidhogg.hpp"

int main() {
    // ...
    // pids: the list of process IDs to protect (built by the caller; not shown in this snippet)
    DWORD result = NidhoggProcessProtect(pids);
    // ...
}

Setup

Building

To compile the project, you will need the following tools:

Clone the repository and build the driver.

Driver Testing

To test it in your testing environment, run the following command from an elevated cmd:

bcdedit /set testsigning on

After rebooting, create a service and run the driver:

sc create nidhogg type= kernel binPath= C:\Path\To\Driver\Nidhogg.sys
sc start nidhogg
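The two steps above leave recognisable traces on a host: test signing switched on in the boot configuration, and a kernel service whose image lives outside the normal driver directory. The following PowerShell script, added here as an example and not part of the Nidhogg project, audits a machine for exactly those traces; the function names and the DriverStore exclusion are my own assumptions, and it expects an elevated session on Windows 10/11.

```powershell
# Added example (not part of the Nidhogg project): audit a host for the
# artifacts the Driver Testing steps leave behind, i.e. test signing enabled
# via bcdedit and a kernel-driver service whose image is outside the standard
# driver directories. Assumes an elevated PowerShell session on Windows 10/11.

function Resolve-DriverImagePath([string]$PathName) {
    # Win32_SystemDriver.PathName comes in several spellings; normalise them.
    $p = $PathName -replace '^\\\?\?\\', ''            # \??\C:\x.sys -> C:\x.sys
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot  # \SystemRoot\... -> C:\Windows\...
    if ($p -notmatch '^[A-Za-z]:\\') {                 # bare System32\drivers\x.sys
        $p = Join-Path $env:SystemRoot $p
    }
    return $p
}

function Test-TestSigningEnabled {
    # bcdedit prints "testsigning   Yes" in the current boot entry when enabled.
    $lines = & bcdedit /enum '{current}' 2>$null
    return [bool]($lines | Select-String -Pattern '^\s*testsigning\s+Yes' -Quiet)
}

function Get-DriversOutsideSystemDir {
    # Kernel-driver services whose image is not under System32\drivers or the
    # DriverStore; a service created with "sc create ... type= kernel" pointing
    # at an arbitrary folder shows up here.
    $driverDir   = Join-Path $env:SystemRoot 'System32\drivers'
    $driverStore = Join-Path $env:SystemRoot 'System32\DriverStore'
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.PathName } |
        ForEach-Object {
            $resolved = Resolve-DriverImagePath $_.PathName
            if ($resolved -notlike "$driverDir\*" -and $resolved -notlike "$driverStore\*") {
                [PSCustomObject]@{
                    Name      = $_.Name
                    State     = $_.State
                    StartMode = $_.StartMode
                    ImagePath = $resolved
                }
            }
        }
}

$testSigning = Test-TestSigningEnabled
$outside     = @(Get-DriversOutsideSystemDir)

"Test signing enabled : $testSigning"
"Drivers outside the standard driver directories : $($outside.Count)"
$outside | Format-Table -AutoSize
```

Treat the listed drivers as triage candidates rather than verdicts: third-party drivers legitimately installed to vendor folders will appear too, so compare against a known-good baseline or the driver's signature before acting.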

Resources

Contributions

I'll happily accept contributions; make a pull request and I will review it!

About

License: BSD 2-Clause "Simplified" License


Languages

C++ 89.0%, C 6.7%, YARA 4.3%