linux_kernel_hacking / 3_RootkitTechniques / 3.0_hiding_lkm / README.md
Harvey Phillips on 24 Mar 2021 (589 bytes): added further info links and missed credits

Linux Kernel Hacking

3.0: Hiding Kernel Modules

Please check out the blog post for an in-depth explanation of how this module works. You can find it here.

Hide a kernel module after loading it.

To use:

  • Build with make
  • Load with insmod rootkit.ko
  • Check output in kernel buffer with dmesg
  • See that the module is missing from the output of lsmod

NOTE: Currently, you can't unload this kernel module without rebooting.
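
A defender-side cross-check for the effect described above, as an added example that is not part of the original repository: it lists loadable modules that still have a /sys/module entry but are missing from /proc/modules, the file lsmod reads. It assumes the module is only removed from the kernel's module list and keeps its sysfs entry (the page does not state the mechanism); find_hidden_modules and demo_fixture are hypothetical names, and the fixture data is constructed.

```shell
#!/bin/sh
# Added example: report loadable modules known to sysfs but absent from
# /proc/modules (the source of lsmod's output).
# Usage: find_hidden_modules [PROC_MODULES_FILE] [SYS_MODULE_DIR]
find_hidden_modules() {
    proc_modules="${1:-/proc/modules}"
    sys_module="${2:-/sys/module}"

    for dir in "$sys_module"/*/; do
        [ -d "$dir" ] || continue
        # Built-in code also gets a directory here; only loadable modules
        # expose an initstate attribute, so skip everything else.
        [ -e "${dir}initstate" ] || continue
        name=$(basename "$dir")
        # Each /proc/modules line starts with "<name> <size> ...".
        if ! awk -v m="$name" '$1 == m { found = 1 } END { exit !found }' \
            "$proc_modules"; then
            printf '%s\n' "$name"
        fi
    done
}

# Constructed fixture: a fake /proc/modules file and /sys/module tree in a
# temporary directory, with "rootkit" present in sysfs only.
demo_fixture() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/sys/ext4" "$tmp/sys/rootkit" "$tmp/sys/printk/parameters"
    echo live > "$tmp/sys/ext4/initstate"
    echo live > "$tmp/sys/rootkit/initstate"
    printf 'ext4 745472 1 - Live 0x0000000000000000\n' > "$tmp/proc_modules"
    find_hidden_modules "$tmp/proc_modules" "$tmp/sys"
    rm -rf "$tmp"
}
```

On a live system, call find_hidden_modules with no arguments. An empty result does not prove that nothing is hidden, since a module that also removes its sysfs entry will not be listed.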

Inspired, in part, by the Diamorphine repo.