Tyton: Rootkit Hunter

Loadable kernel modules are an important companion of the Linux kernel, LKMs for example.

Typically, LKMs are used to add or add extra system calls to support fresh hardware (as device drivers) or file systems. Without LKMs, any predicted functionality must be included in an operating system.

When developing a platform to use with everything from a smartphone to a server, this is borderline impossible to do. LKMs provide the kernel and the device user with 
extra functionality by extension, and can be safely added or removed when needed or not.

Read Also: The powerful truth – All those “smart” devices…

Therefore, developing multiple methods of detection on more advanced rootkits would benefit system administrators globally.

Tyton Detected Attacks

  • Process Fops Hooking
  • Interrupt Descriptor Table Hooking
  • Syscall Table Hooking
  • Zeroed Process Inodes
  • Network Protocol Hooking

Dependencies

  • Linux Kernel 4.4.0-31 or greater
  • GTK3 & GCC
  • Make
  • Package Config
  • Libnotify
  • Libsystemd
  • GTK3

Recent Articles

Hackers Install Secret Backdoor on Thousands of Microsoft SQL Servers

Cybersecurity researchers today uncovered a sustained malicious campaign dating back to May 2018 that targets Windows machines running MS-SQL servers to deploy...

COVID-19: SentinelOne Offers Free Platform Access

As the world battles COVID-19, enterprises are coping with immediate work-from-home needs and the challenges of protection beyond the network perimeter, says...

XSS vulnerability in the HTML Data Processor for CKEditor 4.0

A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web...

Unpatchable Flaw Affects All Intel CPUs Released in Last 5 Years

All Intel processors released in the past 5 years contain an unpatchable vulnerability that could allow hackers to compromise almost every hardware-enabled...

Photon: Light and Fast Web Crawler

Photon is a lightning fast web crawler which extracts URLs, files, intel & endpoints from a target. 160 requests per second while extensive...

Related Stories

Leave A Reply

Please enter your comment!
Please enter your name here

Stay on op - Ge the daily news in your inbox