Tool and Usage
Diamorphine is a so-called LKM rootkit for Linux. It runs on different kernels in the 2.6, 3.x, and 4.x branch.
Why this tool?
Rootkits are typically considered to be malware, or malicious software. With the intent to hide, this type of software is often used after a breach. Learning about how it works can be useful for security researchers and security professionals.
How it works
This rootkit is using the Linux functionality of loadable kernel modules (LKM). It can be loaded with insmod or modprobe, after which is will start doing its nefarious job.
Usage and audience
Diamorphine is commonly used for learning. Target users for this tool are security professionals.
Tool review and remarks
The review and analysis of this project resulted in the following remarks for this security tool:
- + The source code of this software is available
Supported operating systems
Diamorphine is known to work on Linux.
Similar tools to Diamorphine:
chkrootkit is a malware scanner to locally check for signs of a rootkit. It is written in shell script and runs on the host system itself.
Security tool to search for traces of rootkits, backdoors, and other malicious components on systems running Linux and other flavors of Unix
Bingrep is a utility that can be described as the 'grep for binaries'. It runs on Linux and helps with reverse engineering and malware analysis.