by matheuzsec
175 days ago
Nowadays, there's only one rootkit that can hide itself so perfectly: the Singularity rootkit. It also hides from auditd by using netlink_unicast hooking and other evasive functionalities. Analyzing a machine compromised with Singularity loaded is a real headache, since it prevents memory dumps for analysis. https://github.com/MatheuZSecurity/Singularity