Skip to content

cuckflong/FreeBSD-Rootkit

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

86 Commits
detector
detector
 
 
rootkit
rootkit
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
rootkit-writeup.pdf
rootkit-writeup.pdf
 
 
writeup.md
writeup.md
 
 

Repository files navigation

A FreeBSD kernel rootkit and detector written in C and Golang

Features

  • Reboot Persistence
  • File and Kernel Stat Hiding
  • Keylogging and File Exfiltration
  • Reverse Shell

Methodology

A kernel module is loaded which hook the syscalls and make changes we need, it will communicate with a background program written in Golang via a block device to achieve certain features above. It will also look for ICMP packets with a magic sequence in order to perform actions to external network such as reverse shell and log file exfiltration.

Report

For more details please read
Final Report

About

A FreeBSD Kernel Rootkit written in C and Golang

Resources

Readme

License

MIT license
Activity

Stars

14 stars

Watchers

2 watching

Forks

5 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages