Linux rootkits

Introduction

Rootkits are a form of malware with the main purpose to keep itself hidden on a system. It is a kit in the way that it often comes as a set of tools. Some parts are to break into the system, while others have the goal of overwriting existing binaries and intercept system calls in the kernel. All with the goal to avoid detection by scanning tools.

Usage

Linux rootkits are typically used for learning.

Users for these tools include security professionals.

Tools

Azazel (Linux rootkit)

malware analysis

Tools like rootkits are often used by attackers to conceal their presence. Rootkits are a good source to understand malware and help with improving analysis skills. This rootkit focuses on anti-debugging and anti-detection. The availability of the source can be very helpful to understand the related risks.

Missing a favorite tool in this list? Share a tool suggestion and we will review it.