Skip to content

dalvarezperez/CMK_Linux_Kernel_Rootkit

BranchesTags

Repository files navigation

CMK Linux Kernel Rootkit research tools

Tools for researching CMK Linux Kernel Rootkit, but also other Linux Kernel rootkits implementing magic packets via Netfilter hooks.

IoCs

The hashes of the samples

CMK Linux Kernel Rootkit packer layer

Yara rule for identifying the CMK Linux Kernel Rootkit packer layer and the corresponding unpacking tool. cmk_rootkit_packer_layer.

Ghidra script for extracting the requirements of the magic packets

Ghidra script that aims to extract all the possible values for the magic packets and then brute force the sample using those values.

CMK rootkit magic packets

Spawning the reverse shell: cmk_rootkit_magic_packet_reverse_shell.py

About

CMK Linux Kernel Rootkit - Research tools

Resources

Readme
Activity

Stars

2 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages