Skip to content

feiniao112/DectctHideProcess

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
DectctHideProcess.sh
DectctHideProcess.sh
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

DectctHideProcess

Linux下进程隐藏检测与定位工具

1.专注于Linux下隐藏进程的检测与实现手法的定位,并可以将隐藏的进程自动恢复,提升应急响应的效率,详细见:https://www.yuque.com/feiniao112/rq5bav/cs7r0cvps2eoua8u#XkDCu

2.可检测下面类型的进程隐藏:

库文件劫持

LKM Rootkit-Diamorphine

进程挂载

3.检测效果如下

3.1 进程挂载检测效果 image

3.2LKM Rootkit-Diamorphine检测效果

image

3.3库文件劫持检测效果 image

综合检测效果: image

About

Linux下进程隐藏检测与定位工具

Resources

Readme

License

MIT license
Activity

Stars

5 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages