amanone / amark

lkm rootkit

amark

Rootkit and detection module (wip) for Linux x86{_64}, ARM (wip²). The purpose is not to have a fully functional rootkit (no hidden files, processes or connections), but a rootkit that hides itself as much as possible. In parallel, we use some tools [1] to detect our malicious LKM.

[1]: volatility, lime, rkhunter, lynis, ktraq and some personal tools


Languages

Python 99.5%, C 0.4%, Shell 0.0%