Search Results for "kernel su modules"

...Osquery exposes an operating system as a high-performance relational database. This allows you to write SQL queries to explore operating system data. With osquery, SQL tables represent abstract concepts such as running processes, loaded kernel modules, open network connections, browser plugins, hardware events or file hashes.Osquery queries your devices like a database. Osquery uses basic SQL commands to leverage a relational data-model to describe a device. Frequently, attackers will leave a malicious process running but delete the original binary on disk. This query returns any process whose original binary has been deleted, which could be an indicator of a suspicious process.

...The keypress logs are recorded in debugfs as long as the module is loaded. Only root or sudoers can read the log. The module name has been camouflaged to blend-in with other kernel modules. You can, however, execute a script at shutdown or reboot (the procedure would be distro-specific) to save the keys to a file. DISCLAIMER: keysniffer is intended to track your own devices and NOT to trespass on others. The author has never used it to compromise any third-party device and is not responsible for any

ProSum is a terminal based program that protects your files, sys_call_table and IDT like tripwire way (All in user space, without kernel modules) In addition, database with files etc. could be encrypted with Blowfish algorythm and more.