Encrypted Linux x86-64 Loadable...

Published: 2020-08-18
Revised: 2022-04-29

In this paper, the author presents ELKM, a Linux tool that provides a mechanism to securely transport and load encrypted Loadable Kernel Modules (LKM). The aim is to protect kernel-based rootkits and implants against observation by Endpoint Detection and Response (EDR) software and to neutralize the effects of recovery by disk forensics tooling. The tool as well as the whitepaper is provided in this archive.

No Exp or PoC currently available
There are currently 0 affected product records