Code

This page contains various proof-of-concept code samples used in the process of developing and researching the rootkit. There are blog articles that explain each of these elements.

Various SystemTap & install scripts
https://github.com/maK-/systemtap-rootkit-project-scripts

Hello world Kernel module
https://github.com/maK-/SimplestLKM

System call hijacking module
https://github.com/maK-/Syscall-table-hijack-LKM

Key logging Kernel module
https://github.com/maK-/Keylogger-lkm

Part 2: Stealthy Key logging kernel module
https://github.com/maK-/stealthy-Keylogger-lkm/

Reverse shell invoked from Kernel module
https://github.com/maK-/reverse-shell-access-kernel-module

maK_it: Linux Rootkit
https://github.com/maK-/maK_it-Linux-Rootkit

More examples will be added as I progress through investigating the different functionality I would like to implement. I will also link to the finished product once it’s completed.