From 08de1f2ead2685712e0bc22b9cd9824e9bbd7dd8 Mon Sep 17 00:00:00 2001 From: JeremyNGalloway Date: Tue, 27 Feb 2018 11:07:04 -0600 Subject: [PATCH] Initial upload --- Linux/Defense_Evasion/Rootkits.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 Linux/Defense_Evasion/Rootkits.md diff --git a/Linux/Defense_Evasion/Rootkits.md b/Linux/Defense_Evasion/Rootkits.md new file mode 100644 index 00000000..06becd24 --- /dev/null +++ b/Linux/Defense_Evasion/Rootkits.md @@ -0,0 +1,21 @@ +## Rootkits + +MITRE ATT&CK Technique: [T1014](https://attack.mitre.org/wiki/Technique/T1014) + +### Loadable Kernel Module based Rootkit + +Input: + + sudo insmod MODULE.ko + +OR + +Input: + + sudo modprobe MODULE.ko + +### LD_PRELOAD based Rootkit + +Input: + + export LD_PRELOAD=$PWD/libmy_r00tkit.so \ No newline at end of file
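Review bot: In the "Loadable Kernel Module based Rootkit" section, the second input `sudo modprobe MODULE.ko` is not equivalent to the `insmod` line above it. `insmod` takes a path to a `.ko` file, while `modprobe` expects a module name that it resolves from the installed module tree under /lib/modules for the running kernel, so the line should read `sudo modprobe MODULE` and the text should say the module has to be installed and indexed with `depmod` first. Both sections also give only the "Input" and no cleanup step, which leaves the test host with the module loaded or the variable set; adding `sudo rmmod MODULE` and `unset LD_PRELOAD` would make the test reversible. It is also worth stating that `export LD_PRELOAD=$PWD/libmy_r00tkit.so` affects only processes started from that shell and depends on the current directory, so the person writing detections knows what telemetry to expect. Finally, the file ends without a trailing newline.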