Loadable kernel modules are an important companion of the Linux kernel, LKMs for example.

Typically, LKMs are used to add or add extra system calls to support fresh hardware (as device drivers) or file systems. Without LKMs, any predicted functionality must be included in an operating system.

When developing a platform to use with everything from a smartphone to a server, this is borderline impossible to do. LKMs provide the kernel and the device user with 
extra functionality by extension, and can be safely added or removed when needed or not.

Read Also: The powerful truth – All those “smart” devices…

Therefore, developing multiple methods of detection on more advanced rootkits would benefit system administrators globally.

Tyton Detected Attacks

  • Process Fops Hooking
  • Interrupt Descriptor Table Hooking
  • Syscall Table Hooking
  • Zeroed Process Inodes
  • Network Protocol Hooking

Dependencies

  • Linux Kernel 4.4.0-31 or greater
  • GTK3 & GCC
  • Make
  • Package Config
  • Libnotify
  • Libsystemd
  • GTK3

Share this post

Author

Editorial Team
Editorial Team
The Editorial Team at Security Land is comprised of experienced professionals dedicated to delivering insightful analysis, breaking news, and expert perspectives on the ever-evolving threat landscape

Comments