More

    Tyton: Rootkit Hunter

    CybersecuritySecurity ToolsTyton: Rootkit Hunter

    Loadable kernel modules are an important companion of the Linux kernel, LKMs for example.

    Typically, LKMs are used to add or add extra system calls to support fresh hardware (as device drivers) or file systems. Without LKMs, any predicted functionality must be included in an operating system.

    When developing a platform to use with everything from a smartphone to a server, this is borderline impossible to do. LKMs provide the kernel and the device user with 
    extra functionality by extension, and can be safely added or removed when needed or not.

    Read Also: The powerful truth – All those “smart” devices…

    Therefore, developing multiple methods of detection on more advanced rootkits would benefit system administrators globally.

    Tyton Detected Attacks

    • Process Fops Hooking
    • Interrupt Descriptor Table Hooking
    • Syscall Table Hooking
    • Zeroed Process Inodes
    • Network Protocol Hooking

    Dependencies

    • Linux Kernel 4.4.0-31 or greater
    • GTK3 & GCC
    • Make
    • Package Config
    • Libnotify
    • Libsystemd
    • GTK3
    Download Tyton
    SourceGitHub

    Leave a reply

    Please enter your comment!
    Please enter your name here

    spot_img
    spot_img

    Hot Topics

    More Articles