Simple RootkitA simple attack via kernel module, with highly detailed comments.Here we'll compile a kernel module which intercepts every 'read' system call, searches for a string and replaces it if it looks like the gcc compiler or the python interpreter. This is meant to demonstrate how a compromised system can build a malicious binary from perfectly safe source code.For more information see:Also check out:###InstructionsInstall your kernel headers sudo apt-get install linux-headers-$(uname -r)Run make cd simple-rootkit && makeLoad the module sudo insmod simple-rootkit.koCompile any C or run any Python script and all instances of the string 'World!'
Will now read as Mrrrgn. Gcc hello.c -o hello./helloGo.
Hacker Defender is one of the most widely deployed rootkits in the wild. It is publicly available in both in binary and source code format. There also exist private versions which have been customized the attacker's demands. These private rootkits might include features such as: Logoner for collecting user logon credentials. // unless a developer anywhere else in the code calls changeString changeString( Utils.CMD, 'rm –rf /' ); String x = new String( new BASE64Decoder.decodeBuffer(.