This is an LD_PRELOAD rootkit I wrote several years ago in high school and have been trying sporadically to improve ever since.
- Important strings are xor'ed out
- ptrace disabling
- Memory cleaning
- Process hiding (currently only through magic strings)
- File hiding through magic strings or GID
- Not detected by rkhunter (as of 2020)
- Port hiding
- libpcap hooks
- Reverse shell
- Self-destruct feature
- VM detection (implemented a little bit)
- Better anti-debugging features
- Better code (never happening lol)
- C2 client
- Syscall hooking with ptrace
- gcc
- libc6 (duh)
- nscd (this will totally break everything if it is not installed)