analyzing-linux-kernel-rootkits

Community

Detect Linux kernel rootkits from memory dumps.

Author: YukiIto1999
Version: 1.0.0
Installs: 0

System Documentation

What problem does it solve?

Quickly identifies kernel-level rootkit artifacts in Linux memory dumps used in incident response and threat-hunting workflows.

Core Features & Use Cases

  • Memory-forensics driven rootkit detection using Volatility3 Linux plugins (linux.check_syscall, linux.lsmod, linux.hidden_modules, linux.check_idt)
  • Cross-view analysis comparing /proc and /sys to reveal hidden modules and inconsistencies
  • Live system scanning with rkhunter to detect known rootkit signatures
  • Structured reporting with JSON output for automated ingestion

Quick Start

Run the Linux kernel rootkit detector on a memory dump to generate a JSON rootkit report.

Dependency Matrix

Required Modules

None required

Components

scripts, references

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: analyzing-linux-kernel-rootkits
Download link: https://github.com/YukiIto1999/ctf-sleuth/archive/main.zip#analyzing-linux-kernel-rootkits

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
