Encrypted Linux x86-64 Loadable Kernel Modules (ELKM) – Digitalmunition





Published on August 18th, 2020

Encrypted Linux x86-64 Loadable Kernel Modules (ELKM)

Posted Aug 18, 2020
Authored by cenobyte | Site github.com

In this paper, the author presents ELKM, a Linux tool that provides a mechanism to securely transport and load encrypted Loadable Kernel Modules (LKM). The aim is to protect kernel-based rootkits and implants against observation by Endpoint Detection and Response (EDR) software and to neutralize the effects of recovery by disk forensics tooling. The tool as well as the whitepaper is provided in this archive.

tags | tool, paper, kernel
systems | linux, unix
MD5 | eb8470252a6b4d9620877f82a1676c7e
