SilverPlate3 / GoodKit

Rootkit for the blue team. Sophisticated and optimized LKM to detect and prevent malicious activity


Project purpose

Offer blue teams a reliable and efficient way to detect and prevent malicious processes and file access.
Users can control the LKM detection rules and exclusions with a simple JSON file.

How to use

git clone
sudo make all
sudo ./UserSpace/user_app

Tested and built on

Built on kernel version: 6.5.0-26-generic, 6.7.0-rc8
Tested on kernel version: 6.5.0-26-generic, 6.7.0-rc8
Tested on distro: Ubuntu 22.04.3 LTS, Ubuntu 20.04.4 LTS
Built with GCC versions: 12.3.0, 9.4.0



**Future optimizations and features** - See NextSteps.txt
