How to write a rootkit without really trying
https://blog.trailofbits.com/2019/01/17/how-to-write-a-rootkit-without-really-trying/ [blog.trailofbits.com]
2019-01-18 02:14
We open-sourced a fault injection tool, KRF, that uses kernel-space syscall interception. You can use it today to find faulty assumptions (and resultant bugs) in your programs. Check it out!
This post covers intercepting system calls from within the Linux kernel via a plain old kernel module. We’ll go through a quick refresher on syscalls and why we might want to intercept them, and then demonstrate a bare-bones module that intercepts the read(2) syscall.
https://github.com/trailofbits/krf