CPL0(0)                    Linux Programmer's Manual                    CPL0(0)

NAME
       cpl0.zip - current privilege level 0

DESCRIPTION
       cpl0 is a collective of Linux malware programmers.

WINTERMUTE
       kvmrk
              bluepill for arm64 linux via hijacking kvm + hidden breakpoints
              via trapping el1 access to debug registers.

       rain king (writeup)
              an arm64 Linux rootkit capable of silently hooking system calls
              without modifying sys_call_table, syscall handlers and without
              using ftrace. view on github.

       ramiel (writeup)
              a diskless UEFI bootkit capable of surviving disk wipes and
              firmware reflashes. ramiel is also capable of bypassing OVMF's
              secureboot implementation. view on github.

       hvICE (writeup)
              a POC implementation of hypervisor enforced code integrity for
              the Linux kernel using the Xen hypervisor and libVMI. ICEbreaker
              is a KASLR offset spoofer for libVMI. view on github.

       pswap
              an implementation of software watchpoints + physical page
              swapping on execute/read via page fault handler hooking.
              (abandoned)

       github 3intermute
       discord wintermute#0440
       email wintermute@cpl0.zip

BLOOM
       lukah
              a runtime rdtsc spoofer for KVM (svm) + hardened QEMU/KVM
              implementation. (work in progress)

       gitlab rookie
       github af280cf94190a54043e947948a0031ce7ed71dc
       email o@ra.pe

MYSTERE
       spy.ko
              a lightweight Linux kernel module that logs all input events
              from any input device.

       gitlab eretsym
       discord mystère#2936
       email contact@myst.re

DJNN
       unix keylogger
              a quick n dirty usermode Linux keylogger + encrypted
              communication with logging server.

       pitstop
              a ptraceless function tracing tool using ROP gadgets via writing
              to the stack with /proc/mem. (work in progress)

       github bogdzn
       twitter djnn1337
       email email@djnn.sh

CONTACT
       email contact@cpl0.zip
       discord https://discord.gg/5s3q8gCNtP

CPL0                               2023-05-19                           CPL0(0)