How to detect rootkits, or trace kernel activities

  1. Sandfly Security
    Provides agentless intrusion detection for Linux systems, focusing on detecting malware, rootkits, and unauthorized activities without impacting system performance.

  2. LKRG
    The Linux Kernel Runtime Guard (LKRG) protects the kernel from unauthorized changes and enforces runtime integrity checks to detect exploitation of kernel vulnerabilities.

  3. SysmonForLinux
    A Linux port of Sysinternals Sysmon, a tool for monitoring and logging system activity to detect malicious or anomalous behavior.

  4. Volatility
    A memory forensics framework for analyzing volatile system memory to uncover malicious activities, malware, and system states.

  5. Volatility Community
    A repository for community-contributed plugins, tools, and enhancements to extend Volatility’s functionality for memory analysis.

  6. VolWeb
    A web interface for the Volatility memory forensics framework, enabling easier management and visualization of memory analysis results.

  7. bpf-hookdetect
    A tool leveraging eBPF to detect kernel function hooks, aiding in the identification of rootkits and suspicious modifications to kernel behavior.

  8. Pulsar
    A runtime security engine for embedded Linux systems that detects and mitigates threats by monitoring system behavior and integrity.

  9. libebpfflow
    A library for leveraging eBPF to collect network flow data in high-performance environments for analysis and monitoring.

  10. eHIDS Agent
    A host intrusion detection system (HIDS) using eBPF to monitor and analyze Linux system events in real time for suspicious activities.

  11. Falco
    A cloud-native runtime security tool that detects suspicious activity by monitoring system calls as well as Kubernetes events.

  12. Tracee
    A runtime security and forensics tool using eBPF to capture and analyze security-related events in Linux systems.

  13. Sysdig
    A powerful monitoring and troubleshooting tool for Linux systems and containers, providing deep visibility into processes, network, and storage.

  14. Tetragon
    A security observability platform using eBPF to monitor, detect, and enforce runtime policies for Linux processes and applications.

  15. XDP-Firewall
    A high-performance firewall leveraging eXpress Data Path (XDP) to filter network packets efficiently in Linux.

  16. RKBreaker
    A tool for detecting and neutralizing rootkits in Linux systems by identifying malicious kernel modules and processes.

  17. lsrootkit
    A rootkit detection utility that scans the system for signs of kernel-level malicious software.

  18. RKSpotter
    An advanced tool for detecting rootkits by analyzing system calls, kernel modules, and hidden files on Linux systems.

  19. Shadow-box-for-x86
    A kernel protection framework implementing integrity checks and runtime monitoring to secure x86-based Linux systems.

  20. Chkrootkit
    A command-line utility to detect signs of rootkits and other malicious software on Unix-based systems.

  21. Kube-Scan
    A risk assessment tool for Kubernetes clusters that identifies vulnerabilities and misconfigurations in the deployment.