Now Reading
Tyton: Rootkit Hunter

Tyton: Rootkit Hunter

Rootkit hunter - Photo Credit: Urban Penguin

Loadable kernel modules are an important companion of the Linux kernel, LKMs for example.

Typically, LKMs are used to add or add extra system calls to support fresh hardware (as device drivers) or file systems. Without LKMs, any predicted functionality must be included in an operating system.

When developing a platform to use with everything from a smartphone to a server, this is borderline impossible to do. LKMs provide the kernel and the device user with 
extra functionality by extension, and can be safely added or removed when needed or not.

Read Also: The powerful truth – All those “smart” devices…

See Also
Advanced Search and Analytics for Twitter Accounts

Therefore, developing multiple methods of detection on more advanced rootkits would benefit system administrators globally.

Tyton Detected Attacks

  • Process Fops Hooking
  • Interrupt Descriptor Table Hooking
  • Syscall Table Hooking
  • Zeroed Process Inodes
  • Network Protocol Hooking


  • Linux Kernel 4.4.0-31 or greater
  • GTK3 & GCC
  • Make
  • Package Config
  • Libnotify
  • Libsystemd
  • GTK3
What's Your Reaction?
Not Sure
View Comments (0)

Leave a Reply

Your email address will not be published.

© 2019 Security Land Magazine. All Rights Reserved.

Scroll To Top