lkm
LKM -> Linux Kernel Module
A Linux kernel module is a piece of code that can be loaded into the kernel on demand, extending the functionality of the kernel at any time.
Basic stuff
• lsmod -> show loaded kernel modules
• modinfo [module name] -> show info about a module
• modprobe -c | less -> show the whole configuration of all modules
• modprobe --show-depends [module name] -> list dependencies
Rootkits
A common trait of Linux rootkits is being loaded as a kernel module, which lets them do suspicious things more effectively. Some examples of LKM rootkits:
• github.com/m0nad/Diamorphine
• github.com/MatthiasCr/LKM-Rootkit
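A defensive follow-up to the lsmod notes above, added here as an example and not taken from any of the linked projects: lsmod reads /proc/modules, where a module loaded from outside the kernel tree or without a valid signature carries the taint flags O or E. The function name and the sample lines (including the module names examplemod and vendor_blob) are constructed for illustration.

```sh
#!/bin/sh
# flag_tainted_modules FILE
# FILE uses the /proc/modules format (the data lsmod prints):
#   name size refcount used_by state address [(taint flags)]
# Prints "name flags" for every module tainted O (out-of-tree)
# or E (unsigned). Untainted in-tree modules print nothing.
# Pass "-" to read from stdin; default is the live /proc/modules.
flag_tainted_modules() {
    awk '
        # Taint flags, when present, are the last field, e.g. "(OE)".
        $NF ~ /^\([A-Z+-]+\)$/ {
            flags = $NF
            gsub(/[()+-]/, "", flags)
            if (flags ~ /[OE]/) print $1, flags
        }
    ' "${1:-/proc/modules}"
}

# Constructed sample input; sizes and module names are made up.
sample_modules() {
    cat <<'EOF'
ext4 1003520 1 - Live 0x0000000000000000
vendor_blob 560000 3 - Live 0x0000000000000000 (POE)
examplemod 16384 0 - Live 0x0000000000000000 (OE)
mbcache 16384 1 ext4, Live 0x0000000000000000
EOF
}

# Demo on the sample; on a real host run: flag_tainted_modules
sample_modules | flag_tainted_modules -
```

Follow up on any hit with modinfo [module name] to see where the file came from. A module that has unlinked itself from the kernel's module list does not appear in /proc/modules, so an empty result is not proof of a clean system.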
Links
• Detecting Kernel Rootkits
• Awesome Linux Rootkits
• Hiding Open Ports
• Linux Kernel Hacking Repo
• Linux Kernel Module Programming Book
• Arch Wiki Page