WIP Malicious Linux Library Used as Userland Rootkit
This library hides itself from common binaries such as lsof, ls, ps and netstat, using the old technique of placing the library in /etc/ld.so.preload.
It sends a GET request to an attacker-controlled website and applies a regex to the response, looking for a trigger word that will spawn a reverse shell to the attacker.
I found this to be more interesting than failed ssh requests which may seem suspicious.
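For defenders, the hiding described above can be detected by comparing what libc's readdir() reports with what the kernel returns from a raw getdents64 call, because a library loaded through /etc/ld.so.preload can only filter the libc view. The following is an added example, not code from this repository; the names count_hidden_entries and libc_lists are this example's own, and checking /etc by default is an assumption based on where ld.so.preload lives.

```c
#define _GNU_SOURCE
#include <dirent.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Record layout returned by the getdents64 system call (see getdents(2)). */
struct kdirent {
    unsigned long long d_ino; long long d_off;
    unsigned short d_reclen; unsigned char d_type; char d_name[];
};

/* Return 1 if libc's readdir(), which a preloaded library can hook, lists name. */
static int libc_lists(const char *dir, const char *name) {
    DIR *d = opendir(dir);
    struct dirent *e;
    int found = 0;
    if (!d) return 0;
    while (!found && (e = readdir(d)) != NULL)
        found = strcmp(e->d_name, name) == 0;
    closedir(d);
    return found;
}

/* Count names the kernel reports for dir that readdir() omits; -1 if dir cannot be opened. */
int count_hidden_entries(const char *dir) {
    char buf[32768] __attribute__((aligned(8)));
    int hidden = 0;
    long n;
    int fd = (int)syscall(SYS_openat, AT_FDCWD, dir, O_RDONLY | O_DIRECTORY);
    if (fd < 0) return -1;
    while ((n = syscall(SYS_getdents64, fd, buf, sizeof buf)) > 0) {
        for (long off = 0; off < n; ) {
            struct kdirent *k = (struct kdirent *)(buf + off);
            off += k->d_reclen;
            if (libc_lists(dir, k->d_name)) continue;
            printf("hidden from libc: %s/%s\n", dir, k->d_name);
            hidden++;
        }
    }
    syscall(SYS_close, fd);
    return hidden;
}

int main(int argc, char **argv) {
    /* Default to /etc, which holds ld.so.preload; exit status 1 means a mismatch or error. */
    return count_hidden_entries(argc > 1 ? argv[1] : "/etc") != 0;
}
```

Build it as a normal dynamically linked binary so that readdir() passes through any preloaded library. A count of 0 is not proof of a clean host, since syscall() is itself a libc wrapper; confirm with a statically linked tool or from trusted boot media.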
Kwstubbs/userlandrootkit