Links
This is a Windows driver that detects kernel memory drivers and hidden threads, useful for rootkit developers to improve their evasion techniques. It implements several analysis methods, such as NMI callbacks and APC stack walks, to identify suspicious activity. You need to enable test signing and debugging to run it.
This article details the architecture and techniques of Singularity, a Loadable Kernel Module rootkit for Linux 6.x. It covers methods for process concealment, file system stealth, and privilege escalation, highlighting how it evades detection through advanced hooking and anti-forensic tactics.