alichtman / gardening-starter-pack

Literally a rootkit. (LKM for Linux Kernels 4.14+)
GNU General Public License v3.0

Add ability to hide files / directories #8

Closed alichtman closed 5 years ago

alichtman commented 5 years ago

Look in section 5.2.1.3. (Virtual File System Deceptive Interpreters) of "A Taxonomy of Software Deceptive Interpretation in the Linux Operating System"

arch1904 commented 5 years ago

I think this resource is a great place to start. It uses the prefix hiding technique, and the files aren't viewable in a file manager or by using ls. https://0x00sec.org/t/hiding-with-a-linux-rootkit/4532

alichtman commented 5 years ago

Yep, so just hook the getdents syscall and replace it with our own implementation.

alichtman commented 5 years ago

This is a nice example.
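A defender-side cross-view check for the getdents filtering discussed in this thread, added here as an example that is not part of the issue or the project's code: a hooked getdents changes what a listing returns but not the directory inode's link count, so on filesystems that keep the classic "2 + number of subdirectories" convention (ext4, XFS, tmpfs) a hidden subdirectory shows up as a mismatch. All function names are hypothetical, and the check assumes `lstat` results are not tampered with; it covers hidden directories only, not hidden regular files.

```python
import os
import stat
import sys

def count_visible_subdirs(path, lister=os.listdir):
    """Count the subdirectories that the directory listing (getdents) reports."""
    count = 0
    for name in lister(path):
        try:
            mode = os.lstat(os.path.join(path, name)).st_mode
        except FileNotFoundError:
            continue  # entry vanished between the listing and lstat
        if stat.S_ISDIR(mode):
            count += 1
    return count

def classify(nlink, visible):
    """Compare an inode link count with the number of listed subdirectories."""
    if nlink < 2:
        # btrfs and some overlay mounts report 1: the convention does not hold.
        return ("unsupported", 0)
    hidden = (nlink - 2) - visible  # "." and the parent's entry account for 2
    return ("discrepancy", hidden) if hidden > 0 else ("consistent", 0)

def audit_dir(path, lister=os.listdir):
    """Cross-view check of one directory; `lister` is injectable for testing."""
    nlink = os.lstat(path).st_nlink
    return classify(nlink, count_visible_subdirs(path, lister))

def audit_tree(root):
    """Walk a tree and return (path, missing_count) for every mismatch.

    A directory modified while it is being checked can produce a transient
    mismatch, so findings should be re-checked before being trusted.
    """
    findings = []
    for dirpath, _dirs, _files in os.walk(root):
        status, hidden = audit_dir(dirpath)
        if status == "discrepancy":
            findings.append((dirpath, hidden))
    return findings

if __name__ == "__main__":
    for path, hidden in audit_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path}: link count implies {hidden} unlisted subdirectory(ies)")
```
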