mgrube / DragonKing

Open Source Rootkit

DragonKing Rootkit

This is an open source rootkit created for a class taught on Rootkit Design.

This rootkit hides by hooking the system call table and using an agent to do interactive manipulation in userland.
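From the detection side, a replaced system call table entry stands out because its handler no longer points into the core kernel text between `_stext` and `_etext`. The check below is an added example, not code from the DragonKing repository. It assumes a table snapshot has already been taken (for instance from a memory image), and the addresses and the names `hypothetical_hook` and `examplemod` are constructed.

```c
#include <stdio.h>
#include <string.h>
typedef unsigned long long u64;
/* Constructed sample in /proc/kallsyms format; every address is made up. */
static const char SAMPLE_KALLSYMS[] =
    "ffffffff81000000 T _stext\n"
    "ffffffff81234560 T sys_read\n"
    "ffffffff81a00000 T _etext\n"
    "ffffffffc0a31000 t hypothetical_hook\t[examplemod]\n";
/* Constructed syscall-table snapshot; slot 1 points into module space. */
static const u64 SAMPLE_TABLE[] = { 0xffffffff81234560ULL, 0xffffffffc0a31040ULL };

/* name set: address of that symbol. name NULL: nearest symbol at or below addr.
 * Returns 0 if nothing matches; owner gets "[module]" or "" for core kernel. */
u64 ksym_lookup(const char *text, const char *name, u64 addr, char owner[64]) {
    u64 best = 0, a;
    char line[256], type, sym[128], mod[64];
    owner[0] = '\0';
    for (const char *p = text; *p; p += (*p == '\n')) {
        size_t len = strcspn(p, "\n");
        snprintf(line, sizeof line, "%.*s", (int)len, p);  /* one line at a time */
        p += len;
        mod[0] = '\0';
        if (sscanf(line, "%llx %c %127s %63s", &a, &type, sym, mod) < 3) continue;
        if (name ? strcmp(sym, name) != 0 : (a > addr || a < best)) continue;
        best = a;
        strcpy(owner, mod);
        if (name) break;
    }
    return best;
}
/* Indices of entries outside core kernel text [_stext, _etext) go to out.
 * Returns the count, or -1 when the bounds cannot be resolved. */
int find_hooked(const char *ksyms, const u64 *table, int n, int *out) {
    char tag[64]; int hits = 0;
    u64 lo = ksym_lookup(ksyms, "_stext", 0, tag);
    u64 hi = ksym_lookup(ksyms, "_etext", 0, tag);
    if (!lo || !hi) return -1;
    for (int i = 0; i < n; i++)
        if (table[i] < lo || table[i] >= hi) out[hits++] = i;
    return hits;
}

int main(void) {
    int idx[2]; char tag[64];
    int n = find_hooked(SAMPLE_KALLSYMS, SAMPLE_TABLE, 2, idx);
    for (int i = 0; i < n; i++) {
        ksym_lookup(SAMPLE_KALLSYMS, NULL, SAMPLE_TABLE[idx[i]], tag);
        printf("slot %d: handler outside kernel text, nearest symbol in %s\n", idx[i], tag);
    }
    return n != 0;
}
```

The check covers pointer replacement in the table only. A module that has removed itself from the symbol listing still fails the range test, but the owner lookup will then return an unrelated or empty tag.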

Disclaimer: This rootkit was developed and tested on 64-bit Ubuntu 17.04. There are currently issues with 16.04.

Features

- An agent that works in userland 
- Self-destruct functionality
- Improved hiding 
- Network/Socket Hooking

Roadmap

- FTE Traffic Encryption
- Update/Maintenance Functionality
- P2P Command & Control Scheme
- OS X Support
- Windows Support
- EFI Infection
- SMM Infection

Reference Material:

http://www.thegeekstuff.com/2013/07/write-linux-kernel-module/

https://stackoverflow.com/questions/2103315/linux-kernel-system-call-hooking-example#2103745

https://appusajeev.wordpress.com/2011/06/18/writing-a-linux-character-device-driver/

License: GNU General Public License v3.0

Languages: C 98.3%, Makefile 1.1%, Shell 0.7%