Linux Persistence: Rootkits
2025-04-15 DFIR persistence rootkit LKM linux persistence LKM rootkit LD_PRELOAD kprobe ftrace ld.so hooking
Explore how rootkits provide stealthy persistence on Linux systems, with practical strategies to detect and prevent them.
Defanging Linux LKM Rootkits With cleanup_module()
2025-04-05 Linux LKM rootkits EDR hooks incident response Linux LKM rootkit
Demonstrates how to forcibly unhook Linux kernel rootkits (and some EDR products) by calling their cleanup_module() function.