Kstat is a tool for Linux which can find an attacker in your system by a direct analysis of the kernel via /dev/kmem, bypassing the hiding techniques of the intruder (kernel static recompilation/use of LKMs). Kstat can find the syscalls which were modified by a LKM, list the linked LKMs, query one or all the network interfaces of the system, list all the processes and much more.
88b0b99c154e47fea38908d1d46542850be4215cd28ce2024ba4ade238b560a1