Linux Loadable Kernel Module (LKM) based rootkit (ring-0), capable of hiding itself, processes/implants, rmmod proof, has ability to bypass infamous rkhunter antirootkit.
Goal:
Once our reveng_rtkit is loaded into the kernel, it should be impossible for defenders/admins to remove our LKM rootkit even after system reboot.
Goal: Once our reveng_rtkit is loaded into the kernel, it should be impossible for defenders/admins to remove our LKM rootkit even after system reboot.