Subscribe Now

* You will receive the latest news and updates on your favorite celebrities!


Tyton: Rootkit Hunter
Rootkit hunter - Photo Credit: Urban Penguin
Security Tools

Tyton: Rootkit Hunter 

Loadable kernel modules are an important companion of the Linux kernel, LKMs for example.

Typically, LKMs are used to add or add extra system calls to support fresh hardware (as device drivers) or file systems. Without LKMs, any predicted functionality must be included in an operating system.

When developing a platform to use with everything from a smartphone to a server, this is borderline impossible to do. LKMs provide the kernel and the device user with 
extra functionality by extension, and can be safely added or removed when needed or not.

Read Also: The powerful truth – All those “smart” devices…

Therefore, developing multiple methods of detection on more advanced rootkits would benefit system administrators globally.

Tyton Detected Attacks

  • Process Fops Hooking
  • Interrupt Descriptor Table Hooking
  • Syscall Table Hooking
  • Zeroed Process Inodes
  • Network Protocol Hooking


  • Linux Kernel 4.4.0-31 or greater
  • GTK3 & GCC
  • Make
  • Package Config
  • Libnotify
  • Libsystemd
  • GTK3

Related posts

Leave a Reply

Required fields are marked *