Awesome-Mirrors/awesome-linux-rootkits
1
0
Fork 0
mirror of https://github.com/milabs/awesome-linux-rootkits.git synced 2024-10-01 06:35:44 -04:00
Code Issues Packages Projects Releases Wiki Activity

Update README.md

Browse Source
This commit is contained in:
Ilya V. Matveychikov 2018-07-02 14:09:00 +04:00 committed by GitHub
parent 0421f4bfc9
commit 880b00db84
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -68,7 +68,7 @@ Additional functions:
| Management interface | `kill(2)` | `sys_call_table[__NR_kill]` |
| Hiding (tampering) of file contents | Filtering while reading | `sys_call_table[__NR_read]` |
| Hiding of files and directories | Filtering of direcroty entries | `sys_call_table[__NR_getdents]` `sys_call_table[__NR_getdents64]` |
| Hiding of processes and process trees | Filtering of `/proc` | Filtering `getdents` while listing `/proc`. Hidden tasks are marked using `task->flags` (0x10000000). Not able to hide all threads and children of parent process. |
| Hiding of processes and process trees | Filtering of `/proc` | Filtering <PID>-entries while listing `/proc`. Hidden tasks are marked using `task->flags | 0x10000000`. Not able to hide all threads and children of parent process. |
| Detection evasion | Hiding | Hide own files. Unlinks module from `module_list`. Alters contents of files while reading. |
- https://github.com/QuokkaLight/rkduck