Michael Lazin via plug on 15 Sep 2021 17:12:53 -0700



[PLUG] kernel malware


I like rootkit hunter, and I understand you can use this Ghidra plugin in novel ways to find how malware may hide in the memory space that a program may use:

https://www.sentinelone.com/labs/introducing-sentinelones-ghidra-plugin-for-virustotal/

I have not tried it yet, but I imagine you could use this to look for malware in the kernel. I have checked the behavior of rkhunter and it does not do this. I am going to explore using this tool for this purpose, but it seems that it is an oversight that rkhunter does not check the kernel. I am just throwing the idea out there that there does not appear to be an open-source tool to verify whether the kernel has been tampered with. I will try using this Ghidra plugin to explore it on my own, but it would be great if there were an open-source tool that did this.

Thanks,

Michael Lazin

.. τὸ γὰρ αὐτὸ νοεῖν ἐστίν τε καὶ εἶναι.
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
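As an added example that is not part of the post above (nor code from rkhunter or the SentinelOne plugin), here is one of the checks an open-source "is the kernel tampered with" tool could start from: reconciling the three views the kernel itself exports of loaded modules. A module that unlinks itself from the kernel's module list vanishes from /proc/modules (and therefore from lsmod), but its /sys/module entry and its bracket-tagged symbols in /proc/kallsyms usually remain. The sample inputs below are constructed, not captured from a real host, and the module name evilmod and the symbol names inside it are placeholders; the only assumption about the real kernel is the standard layout of those three files.

```python
"""Reconcile three kernel-exported views of loaded modules to spot a hidden one.

Added example (not rkhunter's or the SentinelOne plugin's code).  The sample
/proc/modules, /sys/module and /proc/kallsyms contents below are constructed
for illustration; "evilmod" and its symbols are placeholders.
"""
import os
import re
from typing import Dict, List, Optional, Set

# Constructed /proc/modules excerpt: "name size refcount deps state address".
PROC_MODULES = """\
xt_conntrack 16384 1 - Live 0xffffffffc0a8b000
nf_conntrack 172032 1 xt_conntrack, Live 0xffffffffc0a40000
ext4 778240 2 - Live 0xffffffffc0900000
"""

# Constructed /sys/module view: name -> contents of /sys/module/<name>/initstate,
# or None when that file is absent.  Built-in code that only exposes parameters
# (e.g. printk) has a directory but no initstate, and must not be flagged.
SYS_MODULE_INITSTATE: Dict[str, Optional[str]] = {
    "xt_conntrack": "live",
    "nf_conntrack": "live",
    "ext4": "live",
    "evilmod": "live",   # constructed: in sysfs, missing from /proc/modules
    "printk": None,      # built-in, parameters only
}

# Constructed /proc/kallsyms excerpt; module symbols carry a "[name]" suffix.
PROC_KALLSYMS = """\
ffffffff81000000 T _text
ffffffffc0a8b000 t conntrack_mt_check\t[xt_conntrack]
ffffffffc0a40000 T nf_conntrack_find_get\t[nf_conntrack]
ffffffffc0900000 T ext4_alloc_inode\t[ext4]
ffffffffc0b00000 t hide_from_lsmod\t[evilmod]
ffffffffc0b00200 t hooked_getdents64\t[evilmod]
"""

# address, type, symbol, optional "[module]" tag (addresses may be all zeros
# when kptr_restrict hides them from unprivileged readers; the tag survives).
_KALLSYMS_RE = re.compile(r"^([0-9a-f]+)\s+(\S)\s+(\S+)(?:\s+\[([^\]]+)\])?\s*$")


def parse_proc_modules(text: str) -> Dict[str, int]:
    """Return {module: load address} from /proc/modules text."""
    mods: Dict[str, int] = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6:
            continue
        mods[fields[0]] = int(fields[5], 16)
    return mods


def parse_kallsyms_modules(text: str) -> Dict[str, Set[int]]:
    """Return {module: {symbol addresses}} for every bracket-tagged symbol."""
    out: Dict[str, Set[int]] = {}
    for line in text.splitlines():
        m = _KALLSYMS_RE.match(line)
        if not m or m.group(4) is None:
            continue
        out.setdefault(m.group(4), set()).add(int(m.group(1), 16))
    return out


def loaded_in_sysfs(initstate: Dict[str, Optional[str]]) -> Set[str]:
    """Modules sysfs reports as loaded: only those with an initstate file."""
    return {name for name, state in initstate.items() if state is not None}


def find_hidden_modules(proc_mods: Dict[str, int], sysfs_loaded: Set[str],
                        kallsyms_mods: Dict[str, Set[int]]) -> Dict[str, List[str]]:
    """Modules visible in sysfs or kallsyms but absent from /proc/modules."""
    listed = set(proc_mods)
    return {
        "in_sysfs_not_proc": sorted(sysfs_loaded - listed),
        "in_kallsyms_not_proc": sorted(set(kallsyms_mods) - listed),
    }


def read_live_views():
    """Read the same three views from the running Linux kernel."""
    with open("/proc/modules") as f:
        proc = parse_proc_modules(f.read())
    initstate: Dict[str, Optional[str]] = {}
    for name in os.listdir("/sys/module"):
        path = os.path.join("/sys/module", name, "initstate")
        initstate[name] = open(path).read().strip() if os.path.exists(path) else None
    with open("/proc/kallsyms") as f:
        ks = parse_kallsyms_modules(f.read())
    return proc, loaded_in_sysfs(initstate), ks


if __name__ == "__main__":
    views = (parse_proc_modules(PROC_MODULES),
             loaded_in_sysfs(SYS_MODULE_INITSTATE),
             parse_kallsyms_modules(PROC_KALLSYMS))
    for check, names in find_hidden_modules(*views).items():
        print(f"{check}: {', '.join(names) or 'none'}")
```

On the constructed data both checks report evilmod. On a real host, swap the three constructed views for `read_live_views()`; it works without root because the module tag in /proc/kallsyms is still shown when kptr_restrict zeroes the addresses. A module that also removes its sysfs entry and its kallsyms symbols will not show up here, which is why this is a first check and not a complete answer to the question in the post.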