Awesome-Mirrors
/
awesome-linux-rootkits
mirror of https://github.com/milabs/awesome-linux-rootkits.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update README.md

This commit is contained in:
Ilya V. Matveychikov 2018-07-02 14:14:33 +04:00 committed by GitHub
parent b72fe66edb
commit 9cb4ad8d37
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -68,7 +68,7 @@ Additional functions:
| Management interface | `kill(2)` | `sys_call_table[__NR_kill]` |
| Hiding (tampering) of file contents | Filtering while reading | `sys_call_table[__NR_read]` |
| Hiding of files and directories | Filtering of directory entries | `sys_call_table[__NR_getdents]` `sys_call_table[__NR_getdents64]` |
| Hiding of processes and process trees | Filtering of `/proc` | Filtering PID-like numeric entries while listing `/proc`. Hidden tasks are marked using `task->flags | 0x10000000`. Not able to hide all threads and children of parent process. |
| Hiding of processes and process trees | Filtering of `/proc` | Filtering PID-like numeric entries while listing `/proc`. Hidden tasks are marked using `task->flags \| 0x10000000`. Not able to hide all threads and children of hidden (parent) process. |
| Detection evasion | Hides own components | Hide files, unlinks module from `module_list`, alters contents of startup files while reading. |
- https://github.com/QuokkaLight/rkduck