Live Linux Forensics training coming up @WWHackinFest Deadwood! Let's do some daily Linux Forensics trivia as a lead-up! wildwesthackinfest.com/deadw…
Daily Linux Forensics Trivia #20 - Name two Volatility modules that can help to search for hidden loadable kernel module rootkits.

Sep 25, 2022 · 12:28 PM UTC

Trivia Answer #20 - Shout out to @countuponsec for a great list-- linux_check_modules and linux_hidden_modules to look for modules that are hiding, linux_check_syscall to look for kernel hooks, and linux_check_inline_kernel to look for patching
(1/2) I will try this one ... linux_check_modules and linux_hidden_modules could help find LKM modules that are not visible in /proc/modules but still visible under /sys/module or hidden.
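
The /proc/modules versus /sys/module comparison mentioned in the reply above can also be run on a live host. This is an added example, not part of the thread and not Volatility code; the function names are hypothetical, and it assumes that only loadable modules expose an `initstate` file under /sys/module.

```python
import os


def proc_module_names(proc_modules_path="/proc/modules"):
    """Module names from /proc/modules (first field of each line)."""
    names = set()
    with open(proc_modules_path) as fh:
        for line in fh:
            fields = line.split()
            if fields:
                names.add(fields[0])
    return names


def sysfs_loadable_names(sysfs_root="/sys/module"):
    """Directories under /sys/module that belong to loadable modules.

    Built-in kernel components also get a directory here for their
    parameters, so they are filtered out by requiring an 'initstate'
    file (assumption stated in the lead-in).
    """
    names = set()
    for entry in os.listdir(sysfs_root):
        if os.path.isfile(os.path.join(sysfs_root, entry, "initstate")):
            names.add(entry)
    return names


def cross_view(proc_modules_path="/proc/modules", sysfs_root="/sys/module"):
    """Compare both views and report names present in only one of them."""
    proc = proc_module_names(proc_modules_path)
    sysfs = sysfs_loadable_names(sysfs_root)
    return {
        "sysfs_only": sorted(sysfs - proc),  # missing from the module list
        "proc_only": sorted(proc - sysfs),   # missing from sysfs
    }


if __name__ == "__main__":
    for view, names in cross_view().items():
        for name in names:
            print(f"{view}: {name}")
```

Agreement between the two views does not clear a host: a module removed from both places shows up in neither, which is the case that needs memory analysis.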