shellgame
0001-01-01
shellgame is a userland rootkit for Linux that uses the inotify API to detect file accesses near the files it intends to hide. Once detected, shellgame opens, then unlinks the protected files. This rootkit is particularly interesting because it works as a non-privileged user.
https://github.com/matthewbobrowski/shellgame
Linux Persistence: Modular Software
2025-04-17 DFIR CTF persistence linux persistence apache asterisk
Linux Persistence: Web Shells
2025-04-16 DFIR persistence webshell linux persistence webshell apache nginx PHP
Linux Persistence: Rootkits
2025-04-15 DFIR persistence rootkit LKM linux persistence LKM rootkit LD_PRELOAD kprobe ftrace ld.so hooking
Defanging Linux LKM Rootkits With cleanup_module()
2025-04-05 Linux LKM rootkits EDR hooks incident response Linux LKM rootkit