uthash

2025-04-08

uthash is a portable hash table for C structures https://troydhanson.github.io/uthash/ Read More

destructor

2025-04-05

Destructors are code within shared objects or libraries that is ran when the module is unloaded, exits, or is otherwise done being used. Read More

/proc/kmsg

2025-04-04

/proc/kmsg on procfs-enabled systems provides a userspace interface to the kernel’s logging ring buffer. Read More

cleanup_module

2025-04-04

cleanup_module is the default cleanup function name in Linux Loadable Kernel Modules. The Linux kernel creates an alias for cleanup_module even if the ... Read More

eBPF

2025-04-04

Extended Berkeley Packet Filter (eBPF) is a Linux kernel technology that allows users to program the kernel for networking, observability, tracing, ... Read More

HIDS

2025-04-04

Host Intrusion Detection Systems (HIDS) are host-based cybersecurity tools that monitor for signs of security compromise, policy violation, or ... Read More

HIPS

2025-04-04

Host-Based Intrusion Prevention Systems (HIPS) are host-based cybersecurity tools that monitor for and prevent security compromises, unauthorized ... Read More

module_exit

2025-04-04

module_exit is a macro in the Linux kernel that is ran when a loadable kernel module is unloaded. Read More

module_init

2025-04-04

module_init is a macro in the Linux kernel used to specifiy the initialization function ran when a loadable kernel module is loaded. Read More

prevent LKM unloading with rmmod

2025-04-04

rootkits and EDR software that use LKMs may employ techniques that hide their presence or prevent them from being unloaded–if an attacker ... Read More