[Azazel] Userland Anti-debugging & Anti-detection Rootkit
Azazel is a userland rootkit based off of the original LD_PRELOAD
technique from Jynx rootkit. It is more robust and has additional
features, and focuses heavily around anti-debugging and anti-detection.
Features
- Anti-debugging
- Avoids unhide, lsof, ps, ldd detection
- Hides files and directories
- Hides remote connections
- Hides processes
- Hides logins
- PCAP hooks avoid local sniffing
- Two accept backdoors with full PTY shells.
- Crypthook encrypted accept() backdoor
- Plaintext accept() backdoor
- PAM backdoor for local privesc and remote entry
- Log cleanup for utmp/wtmp entries based on pty
- Uses xor to obfuscate static strings
As with anything of this nature, it’s recommended you check the
source-code/run it in a safe environment etc. But if I have to emphasise
stuff like that, this is probably the wrong site for you.
[Azazel] Userland Anti-debugging & Anti-detection Rootkit
![[Azazel] Userland Anti-debugging & Anti-detection Rootkit](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhVkwoWucVcAclTJwA1vpnb25r1k9sBqiHOWHtqGsLcJC7KDvNaFUoz9v5f5xuENd2wcTaZa_FKsxrNFZR6L4eVjVh-APNRDpnUVhpLNM6sNjTw2RT5GxECBo1l85thH_7baZv8FI21yF4/s72-c/Azazel.jpg)
Reviewed by Zion3R
on
8:35 PM
Rating:
Reviewed by Zion3R
on
8:35 PM
Rating:
