h3xduck / TripleCross

A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.
GNU General Public License v3.0

Activate the userspace runtime config for active ebpf modules from the remote client connected to the backdoor. #14

Open h3xduck opened 2 years ago

h3xduck commented 2 years ago

This is already done via the -u and -a modes of the rootkit client, but it would be cool to control which specific eBPF programs are active instead of just all or none.