Difficulty: 9/10
Attackers install rootkits on machines to persist root access whilst making themselves virtually undetectable. The most common of these are installed as a Linux Kernel Module (LKM) and use function hooking (typically of syscalls) to implement most of their features.
Resources
The most powerful open-source rootkit is Singularity, and it contains many resources for learning how each of their attacks work.
Additionally, this series of blog posts does a wonderful job of introducing you to how rootkits work.
Here is a blog post specifically about how processes in Linux work and how rootkits can hide them.
Vulnerabilities
I think the easiest way to approach this would be to find all of the famous LKM rootkits and have the script simply install them. The checker script is going to be far more difficult, as many of the go-to methods for rootkit detection are outdated (e.g. chkrootkit and rkhunter).
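As a starting point for the checker, here is an added example (my own code, not part of this project) of two classic cross-view checks that do not rely on the outdated signature tools above: a loaded module that has been unlinked from the kernel's module list still leaves its directory under /sys/module, and a process hidden by a hooked getdents is still reachable through a direct /proc/<pid> lookup. It assumes a Linux host, root privileges for the live checks, and the standard proc/sysfs layout; the sample values in the docstrings and test are constructed.

```python
import os

def parse_proc_modules(text):
    """Module names from /proc/modules text (first field of each line)."""
    return {line.split()[0] for line in text.splitlines() if line.strip()}

def hidden_modules(proc_listed, sysfs_listed):
    """Modules present in /sys/module (loaded ones carry an initstate file)
    but missing from /proc/modules. Unlinking from the kernel module list
    hides a module from lsmod yet normally leaves its sysfs directory."""
    return sorted(sysfs_listed - proc_listed)

def hidden_pids(listed, probed):
    """PIDs that answer a direct /proc/<pid> lookup but are absent from a
    directory listing of /proc, which is what a getdents hook produces.
    `probed` maps pid -> tgid so threads (tgid != pid) are not misreported,
    since readdir on /proc legitimately lists only thread-group leaders."""
    return sorted(pid for pid, tgid in probed.items()
                  if pid == tgid and pid not in listed)

def live_sysfs_modules():
    base = "/sys/module"
    return {m for m in os.listdir(base)
            if os.path.exists(os.path.join(base, m, "initstate"))}

def live_probed_pids():
    """Brute-force every PID up to pid_max via /proc/<pid>/status."""
    with open("/proc/sys/kernel/pid_max") as f:
        pid_max = int(f.read())
    probed = {}
    for pid in range(1, pid_max + 1):
        try:
            with open(f"/proc/{pid}/status") as f:
                for line in f:
                    if line.startswith("Tgid:"):
                        probed[pid] = int(line.split()[1])
                        break
        except OSError:
            continue  # no such pid, or it exited mid-scan
    return probed

if __name__ == "__main__":
    with open("/proc/modules") as f:
        mods = hidden_modules(parse_proc_modules(f.read()), live_sysfs_modules())
    listed = {int(n) for n in os.listdir("/proc") if n.isdigit()}
    pids = hidden_pids(listed, live_probed_pids())
    print("modules in /sys/module but not /proc/modules:", mods or "none")
    print("pids reachable but not listed in /proc:", pids or "none")
```

The PID sweep can take a while on hosts with a large pid_max, and a process that exits between the listing and the probe can appear once as a transient hit, so treat a single run as a lead to confirm rather than a verdict.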
How to resolve this issue
You can create a fork of the repo, add the desired vulns, and then submit a pull request. Resources explaining how to add vulnerabilities are present in our documentation, slides, and video.