I'm working on some new techniques for Linux kernel rootkit detection as my thesis. I need some samples of rootkits to test my method and also to do some machine learning tests. But not the old, dusty ones on Packet Storm that could be found in computer history books as well. I've read a lot about it and I've seen some new methods of rootkit implementation in Phrack and some other resources. It would take a lot of time for me to just implement PoC rootkits from them, and I would only get to the starting point of my project by then.

If anyone could help me with this it would be greatly appreciated. Any site, FTP, compromised system, unknown rootkit libraries, anything that might be a sample for my work is appreciated. But keep in mind that what I need are Linux kernel rootkits. Any type: LKM, system call hooking, object hooking, System.map / /dev/mem based stuff.

Thanks

P.S. By new rootkits I don't mean unreported or all-over-the-news rootkits; something that would work on Ubuntu 10.04 or newer would be great (kernel version 2.6.32+).

Shayan

2 Answers


For obvious reasons, you aren't going to find any rootkits available for download on the public internet. Doing so would be a huge liability exposure to anyone hosting them. Your options are: make some friends in the security research or black hat communities, or run some honeypots and capture them yourself.

Andy Ross
  • Thanks for your answer. I really want to use a honeypot for this, but the problem is that the people I work with are scared of anything that may have a security hole in it... no matter what it would be... so it's kind of hard to convince them to have a honeypot on the network :) – Shayan Dec 20 '12 at 00:01
  • I've tried some black hat communities on the darknet but I haven't gotten anything useful; I guess I need someone to get me in. – Shayan Dec 20 '12 at 00:05

You can get some kernel RKs from the following link: http://www.ussrback.com/UNIX/penetration/rootkits/