A free and open-source rootkit for Linux
4 months ago
- #Linux
- #Rootkit
- #Security
- Singularity is an open-source rootkit for Linux designed to support security research.
- It hides its presence, processes, network activity, and files using sophisticated techniques.
- Uses Ftrace to hook into system calls without modifying kernel machine code directly.
- Prevents detection by resetting kernel taint markers and blocking module unloading.
- Hides processes by intercepting system calls and adjusting system-reported process counts.
- Filters directory entries and file reads to hide files and maintain filesystem consistency.
- Supports hiding network connections on specific ports from tools like netstat and packet captures.
- Compatible with x86 and x86_64, supporting both 32-bit and 64-bit system calls.
- Includes utility scripts for cleaning logs and ensuring persistence across reboots.
- Encourages ethical use for research, not malicious activity, and is released under the MIT license.