An experimental proof-of-concept rootkit for OpenBSD 6.7, leveraging the 'KARL' system
KARK is a tool that, when run as root, attempts to patch the sys_seteuid code in the kern_prot.o file to remove safety checks, and then relinks the kernel so that, once the system is restarted, any call like seteuid(0) from an unprivileged user will succeed. KARK is a minimal example of an experimental rootkit-like program, provided as a proof of concept for security research and demonstration.
https://github.com/linuxthor/kark
#karl #rootkit