Fork: 1
21a5032 / linux_kernel_hacking
forked from miura250/linux_kernel_hacking
Transfer to URL with SHA Find file
Newer
Older
linux_kernel_hacking / 3_RootkitTechniques / 3.0_hiding_lkm / README.md
@Harvey Phillips Harvey Phillips on 15 Jun 2020 409 bytes add inspiration
Raw Blame History

Linux Kernel Hacking

3.0: Hiding Kernel Modules

Hide a kernel module after loading it

To use:

  • Build with make
  • Load with insmod rootkit.ko
  • Check output in kernel buffer with dmesg
  • See that the module is missing from the output of lsmod

NOTE: Currently, you can't unload this kernel module without rebooting

Inspired, in part, by this repo.