reveng007 / reveng_rtkit

Linux Loadable Kernel Module (LKM) based rootkit (ring-0), capable of hiding itself and processes/implants, rmmod-proof, with the ability to bypass the infamous rkhunter anti-rootkit.
https://reveng007.github.io/blog/2022/03/08/reveng_rkit_detailed.html
MIT License

Hide LKM module from `/sys/module/` directory #6

Open reveng007 opened 2 years ago

reveng007 commented 2 years ago

Hiding the rootkit from being revealed to usermode programs via the `/sys/module/` directory, using syscall interception or any other method (calling APIs or anything else).