Update reptile.md

details/reptile.md

@@ -10,15 +10,15 @@ https://github.com/f0rb1dd3n/Reptile
 ## Persistency
 
 Boot-time module loading using OS-specific startup files:
- - /etc/modules
+ - /etc/modules (debian/ubuntu)
- - /etc/rc.modules
+ - /etc/rc.modules (redhat/centos/fedora)
 
 ## Detection evasion
 
 Rootkit is trying to evade from detection by:
- - hiding of own files
+ - hiding files by name
- - hiding of kernel module by unlinking from `module_list`
  - tampering contents of startup files while reading
+ - hiding kernel module by unlinking from `module_list`
 
 ## Management interface
 
@@ -30,19 +30,19 @@ Implemented via `kill(2)` by hooking `sys_call_table[__NR_kill]` entry. Supporte
 
 ## Altering system (library) behaviour
 
-Hooking of system calls by patching syscall-handlers in `sys_call_table[]`.
+Hooking of system calls by patching syscall-handlers in `sys_call_table[]`:
-
+ - to write to read-only page `CR0/WP` technique used (x86-only)
-To write to read-only page `CR0/WP` technique used (x86-only).
 
 ## Hiding (tampering) of file contents
 
 Filtering of file content while reading by hooking:
- - `sys_call_table[__NR_read]`.
+ - `sys_call_table[__NR_read]`
 
 ## Hiding of files and directories
 
 Filtering of directory entries by hoocking:
- - `sys_call_table[__NR_getdents]`, `sys_call_table[__NR_getdents64]`
+ - `sys_call_table[__NR_getdents]`
+ - `sys_call_table[__NR_getdents64]`
 
 ## Hiding of processes and process trees