Published on August 18th, 2020
Encrypted Linux x86-64 Loadable Kernel Modules (ELKM)
- Posted Aug 18, 2020
- Authored by cenobyte | Site github.com
In this paper, the author presents ELKM, a Linux tool that provides a mechanism to securely transport and load encrypted Loadable Kernel Modules (LKM). The aim is to protect kernel-based rootkits and implants against observation by Endpoint Detection and Response (EDR) software and to neutralize the effects of recovery by disk forensics tooling. The tool as well as the whitepaper is provided in this archive.
- systems | linux, unix