diff --git a/Linux/Defense_Evasion/Rootkits.md b/Linux/Defense_Evasion/Rootkits.md new file mode 100644 index 00000000..06becd24 --- /dev/null +++ b/Linux/Defense_Evasion/Rootkits.md @@ -0,0 +1,21 @@ +## Rootkits + +MITRE ATT&CK Technique: [T1014](https://attack.mitre.org/wiki/Technique/T1014) + +### Loadable Kernel Module based Rootkit + +Input: + + sudo insmod MODULE.ko + +OR + +Input: + + sudo modprobe MODULE.ko + +### LD_PRELOAD based Rootkit + +Input: + + export LD_PRELOAD=$PWD/libmy_r00tkit.so \ No newline at end of file
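Review bot: the second alternative, `sudo modprobe MODULE.ko`, is not equivalent to the `insmod` line above it. `modprobe` takes a module name and resolves it against the installed module tree for the running kernel (with dependency handling), whereas `insmod` takes a path to a `.ko` file; as written the `modprobe` example mixes the two conventions and will not behave as the "OR" implies. Either drop the `modprobe` variant or document that it applies only to a module already installed under the kernel's module directory. Separately, the file documents the technique but not what a defender would observe or check for it, which is what a page tagged with ATT&CK T1014 in this repository should carry: for the LKM section, the loaded module appearing in the kernel's module list and the associated kernel log entries at load time; for the `LD_PRELOAD` section, the variable being set in process environments (and the related `/etc/ld.so.preload` file, which is the persistent form of the same mechanism) and the presence of an unexpected shared object under a user-writable path. A short "Detection" and "Mitigation" block after each "Input" block would make the entry useful for hunting rather than only for reproduction. Minor: the new file ends without a trailing newline (`\ No newline at end of file`); add one so future diffs stay clean.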