Encrypted Linux x86-64 Loadable Kernel Modules (ELKM)

In this paper, the author presents ELKM, a Linux tool that provides a mechanism to securely transport and load encrypted Loadable Kernel Modules (LKM). The aim is to protect kernel-based rootkits and implants against observation by Endpoint Detection and Response (EDR) software and to neutralize the effects of recovery by disk forensics tooling. The tool as well as the whitepaper is provided in this archive.


MD5 | eb8470252a6b4d9620877f82a1676c7e


Related Posts