TripleCross Linux eBPF Rootkit

TripleCross is a Linux eBPF rootkit that demonstrates the offensive capabilities of the eBPF technology. TripleCross is inspired by previous implant designs in this area, notably the works of Jeff Dileo at DEFCON 271, Pat Hogan at DEFCON 292, Guillaume Fournier and Sylvain Afchain also at DEFCON 293, and Kris Nóva's Boopkit4. The authors reuse and extend some of the techniques pioneered by these previous explorations of the offensive capabilities of eBPF technology.

SHA-256 | efa4bb512562aea95bee50fc8810a3a5b1b7f5e063254ef058a940ae82908a4e

Related Posts