cleanup_module

2025-04-04

cleanup_module is the default cleanup function name in Linux Loadable Kernel Modules. The Linux kernel creates an alias for cleanup_module even if the ...

eBPF

2025-04-04

Extended Berkeley Packet Filter (eBPF) is a Linux kernel technology that allows users to program the kernel for networking, observability, tracing, ...

HIDS

2025-04-04

Host Intrusion Detection Systems (HIDS) are host-based cybersecurity tools that monitor for signs of security compromise, policy violation, or ...

HIPS

2025-04-04

Host-Based Intrusion Prevention Systems (HIPS) are host-based cybersecurity tools that monitor for and prevent security compromises, unauthorized ...

module_exit

2025-04-04

module_exit is a macro in the Linux kernel that is run when a loadable kernel module is unloaded.

module_init

2025-04-04

module_init is a macro in the Linux kernel used to specify the initialization function run when a loadable kernel module is loaded.

prevent LKM unloading with rmmod

2025-04-04

Rootkits and EDR software that use LKMs may employ techniques that hide their presence or prevent them from being unloaded–if an attacker ...

printk

2025-04-04

printk is the Linux kernel’s logging function, able to print formatted strings similar to printf() in userspace. It outputs messages to the ...

reference count to avoid LKM removal

2025-04-04

Rootkits and EDR software may increase their reference count using try_module_get(THIS_MODULE). This tricks the kernel into thinking that the module ...

tmhook module

2025-04-04

tmhook is a loadable kernel module associated with Trend Micro Deep Security on Linux systems.