Merge pull request #93 from JeremyNGalloway/master
added a Linux Defense Evasion entry for Rootkitspatch-7
commit
ed1dd3cea0
|
@ -0,0 +1,21 @@
|
|||
## Rootkits
|
||||
|
||||
MITRE ATT&CK Technique: [T1014](https://attack.mitre.org/wiki/Technique/T1014)
|
||||
|
||||
### Loadable Kernel Module based Rootkit
|
||||
|
||||
Input:
|
||||
|
||||
sudo insmod MODULE.ko
|
||||
|
||||
OR
|
||||
|
||||
Input:
|
||||
|
||||
sudo modprobe MODULE.ko
|
||||
|
||||
### LD_PRELOAD based Rootkit
|
||||
|
||||
Input:
|
||||
|
||||
export LD_PRELOAD=$PWD/libmy_r00tkit.so
|
|
@ -13,7 +13,8 @@
|
|||
| Valid Accounts | | Indicator Removal on Host | Two-Factor Authentication Interception | System Network Connections Discovery | | | Input Capture | Scheduled Transfer | Multi-Stage Channels |
|
||||
| Web Shell | | Install Root Certificate | | System Owner/User Discovery | | | Screen Capture | | Multiband Communication |
|
||||
| | | Masquerading | | | | | | | Multilayer Encryption |
|
||||
| | | Redundant Access | | | | | | | Remote File Copy |
|
||||
| | | Redundant Access |
|
||||
| | | [Rootkits](Defense_Evasion/Rootkits.md) | | | | | | | Remote File Copy |
|
||||
| | | Scripting | | | | | | | Standard Application Layer Protocol |
|
||||
| | | Space after Filename | | | | | | | Standard Cryptographic Protocol |
|
||||
| | | Timestomp | | | | | | | Standard Non-Application Layer Protocol |
|
||||
|
|
Loading…
Reference in New Issue