https://github.com/silverplate3/goodkit

Rootkit for the blue team. Sophisticated and optimized LKM to detect and prevent malicious activity
https://github.com/silverplate3/goodkit

cybersecurity linux-kernel syscall-hooking

Last synced: 4 months ago
JSON representation

Rootkit for the blue team. Sophisticated and optimized LKM to detect and prevent malicious activity

• Host: GitHub
• URL: https://github.com/silverplate3/goodkit
• Owner: SilverPlate3
• Created: 2024-03-16T08:48:10.000Z (about 1 year ago)
• Default Branch: main
• Last Pushed: 2024-04-26T07:18:43.000Z (about 1 year ago)
• Last Synced: 2025-02-02T08:02:32.383Z (4 months ago)
• Topics: cybersecurity, linux-kernel, syscall-hooking
• Language: C++
• Homepage:
• Size: 271 KB
• Stars: 35
• Watchers: 2
• Forks: 2
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

        
![GoodKit drawio](https://github.com/SilverPlate3/GoodKit/assets/93097769/e7a07a30-1e95-4a65-92a1-d739efa7f3d7)

# project purpose:

Offer blue teams a reliable and efficient way to detect and prevent malicious process's and file aceess.


Users can control the LKM detection rules and exclusion with a simple json.




# How to use

```

git clone

sudo make all

sudo ./UserSpace/user_app

```

# Tested and built on

Built on kernel version: 6.5.0-26-generic, 6.7.0-rc8


Tested on kernel version: 6.5.0-26-generic, 6.7.0-rc8


Tested on distro: Ubuntu 22.04.3 LTS, Ubuntu 20.04.4 LTS 


Built with GCC versions: 12.3.0, 9.4.0








**Future optimizations and features** - See NextSteps.txt