Brootus
An educational Linux Kernel Rootkit
bROOTus
bROOTus is a Linux kernel rootkit that ships as a single LKM (Loadable Kernel Module) and is restricted to kernel 2.6.32. The rootkit is intended for educational purposes: it demonstrates how data structures can be manipulated and functions hooked in the kernel to achieve tasks such as file hiding, module hiding, process hiding, socket hiding, packet hiding, keylogging and privilege escalation from within the kernel.
Documentation
The documentation in PDF format is available here
Quick start
Make sure you are running a vanilla Linux Kernel (version 2.6.32) and have installed the necessary build tools as well as the Linux header files.
# Build and insert the rootkit
make
insmod rootkit.ko
# Files beginning with "rootkit_" are hidden by default
# The rootkit module itself is hidden as well
# Please consult the documentation for more options
# Unload the module
mod_unhide() # Type this in a shell and press CTRL-C afterwards
rmmod rootkit
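A defender-side check for the default file hiding noted in the Quick start comments, as an added example that is not part of bROOTus or its documentation: it creates a canary file whose name starts with "rootkit_" next to a control file and compares what a directory listing returns. It assumes the hiding acts on directory listings while access by exact path still works; the function names and the "control_" prefix are made up for this example.

```python
import os
import tempfile
import uuid

PREFIX = "rootkit_"  # default hidden-file prefix named in the Quick start comments


def canary_visibility(prefix=PREFIX, lister=os.listdir):
    """Create a prefixed canary and a control file, then list their directory.

    Returns (canary_listed, control_listed). `lister` is injectable so the
    logic can be exercised on a machine with no rootkit loaded.
    """
    workdir = tempfile.mkdtemp(prefix="xview-")
    canary = prefix + uuid.uuid4().hex
    control = "control_" + uuid.uuid4().hex
    paths = [os.path.join(workdir, name) for name in (canary, control)]
    try:
        for path in paths:
            with open(path, "w") as fh:
                fh.write("canary\n")
        names = set(lister(workdir))
        return canary in names, control in names
    finally:
        # Remove by exact path: a listing-based cleanup would miss a hidden file.
        for path in paths:
            try:
                os.unlink(path)
            except FileNotFoundError:
                pass
        os.rmdir(workdir)


def verdict(canary_listed, control_listed):
    """Turn the two observations into a result string."""
    if not control_listed:
        # The listing itself is unreliable; do not attribute it to the prefix.
        return "inconclusive"
    return "clean" if canary_listed else "prefix-hidden"


if __name__ == "__main__":
    print(verdict(*canary_visibility()))
```

A "clean" result only rules out filtering on this one prefix; the Quick start points to the documentation for further options, which this check does not cover.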
