diff --git a/Linux/Defense_Evasion/Rootkits.md b/Linux/Defense_Evasion/Rootkits.md new file mode 100644 index 00000000..06becd24 --- /dev/null +++ b/Linux/Defense_Evasion/Rootkits.md @@ -0,0 +1,21 @@ +## Rootkits + +MITRE ATT&CK Technique: [T1014](https://attack.mitre.org/wiki/Technique/T1014) + +### Loadable Kernel Module based Rootkit + +Input: + + sudo insmod MODULE.ko + +OR + +Input: + + sudo modprobe MODULE.ko + +### LD_PRELOAD based Rootkit + +Input: + + export LD_PRELOAD=$PWD/libmy_r00tkit.so \ No newline at end of file diff --git a/Linux/README.md b/Linux/README.md index 504087b8..83e03254 100644 --- a/Linux/README.md +++ b/Linux/README.md @@ -13,7 +13,8 @@ | Valid Accounts | | Indicator Removal on Host | Two-Factor Authentication Interception | System Network Connections Discovery | | | Input Capture | Scheduled Transfer | Multi-Stage Channels | | Web Shell | | Install Root Certificate | | System Owner/User Discovery | | | Screen Capture | | Multiband Communication | | | | Masquerading | | | | | | | Multilayer Encryption | -| | | Redundant Access | | | | | | | Remote File Copy | +| | | Redundant Access | +| | | [Rootkits](Defense_Evasion/Rootkits.md) | | | | | | | Remote File Copy | | | | Scripting | | | | | | | Standard Application Layer Protocol | | | | Space after Filename | | | | | | | Standard Cryptographic Protocol | | | | Timestomp | | | | | | | Standard Non-Application Layer Protocol |
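Review bot: In the new `Linux/Defense_Evasion/Rootkits.md`, the second LKM variant `sudo modprobe MODULE.ko` will not work as written: `modprobe` takes a module name, not a file path, and resolves it from `/lib/modules/$(uname -r)` via the `depmod` index, so it only loads a module that has been installed there first (e.g. copied into a subdirectory of that tree followed by `sudo depmod -a`, then `sudo modprobe MODULE`). Only `insmod` accepts a `.ko` path directly. Either drop the `modprobe` line or spell out the install/depmod step and use the bare module name. For the LD_PRELOAD variant, note in the text that `export LD_PRELOAD=...` only affects processes started from that shell session; the persistent, system-wide form that a rootkit would actually use is a line in `/etc/ld.so.preload`, which is worth mentioning since that file is also the obvious place for defenders to check. Finally, the file is missing a trailing newline (`\ No newline at end of file`).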
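Review bot: The `Linux/README.md` hunk breaks the table row layout: the original `| | | Redundant Access | | | | | | | Remote File Copy |` row is cut down to `| | | Redundant Access |`, which now has only three cells instead of the full column count, and its trailing cells (including `Remote File Copy`) are moved onto the new `[Rootkits](Defense_Evasion/Rootkits.md)` row. That pushes an empty cell into the Command and Control column ahead of `Remote File Copy` and leaves the two rows with mismatched widths. Keep the `Redundant Access` row intact as it was and insert the Rootkits entry as its own full-width row, e.g. `| | | [Rootkits](Defense_Evasion/Rootkits.md) | | | | | | | |`, so every row still has the same number of cells as the header.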