This repo contains source code analyses of 5 famous Linux rootkits (4 Linux kernel rootkits and 1 user-mode rootkit). Two of them, adore-ng and knark, are the most famous kernel rootkits in the hacker's view.
- adore-ng-0.56_implementation_analyse.pdf
- KNARK-rootkit-analyse.pdf
- bash-door-rootkit-analyse.pdf
- DR-rootkit-analyse.pdf
- enyelkm-rootkit-source-code-analyse.pdf
If you want to know how hackers hide themselves and steal information in Linux, I promise you will be satisfied.