[Azazel] Userland Anti-debugging & Anti-detection Rootkit
Azazel is a userland rootkit based on the original LD_PRELOAD technique from the Jynx rootkit. It is more robust, has additional features, and focuses heavily on anti-debugging and anti-detection.
Features
- Anti-debugging
- Avoids unhide, lsof, ps, ldd detection
- Hides files and directories
- Hides remote connections
- Hides processes
- Hides logins
- PCAP hooks avoid local sniffing
- Two accept() backdoors with full PTY shells:
  - Crypthook encrypted accept() backdoor
  - Plaintext accept() backdoor
- PAM backdoor for local privesc and remote entry
- Log cleanup for utmp/wtmp entries based on pty
- Uses XOR to obfuscate static strings
As with anything of this nature, it's recommended you check the source code and run it in a safe environment. But if I have to emphasise stuff like that, this is probably the wrong site for you.
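Because every hiding feature listed above (files, processes, connections) works by interposing libc functions through LD_PRELOAD, the classic way to spot such a rootkit is to ask the kernel directly and compare. The following is an added example, not code from the Azazel or Jynx projects: it counts directory entries once through libc's readdir(3) and once through the raw getdents64 syscall, and reports how many names the syscall sees that libc does not. The struct layout and function names are this example's own.

```c
#define _GNU_SOURCE
#include <dirent.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Kernel record layout returned by getdents64 (example's own definition,
 * mirrors the layout documented in getdents(2)). */
struct raw_dirent64 {
    unsigned long long d_ino;
    long long          d_off;
    unsigned short     d_reclen;
    unsigned char      d_type;
    char               d_name[];
};

/* Entries as seen through libc. An LD_PRELOAD hook on readdir() would
 * silently drop the names it wants hidden from ls, find, etc. */
static long count_via_readdir(const char *path) {
    DIR *d = opendir(path);
    if (!d) return -1;
    long n = 0;
    while (readdir(d) != NULL) n++;
    closedir(d);
    return n;
}

/* Entries as seen by the kernel: issue getdents64 without going through
 * the libc readdir wrapper, so a userland hook on readdir is bypassed. */
static long count_via_getdents64(const char *path) {
    int fd = open(path, O_RDONLY | O_DIRECTORY);
    if (fd < 0) return -1;
    char buf[32768];
    long n = 0;
    for (;;) {
        long nread = syscall(SYS_getdents64, fd, buf, sizeof buf);
        if (nread < 0) { close(fd); return -1; }
        if (nread == 0) break;
        for (long pos = 0; pos < nread;) {
            struct raw_dirent64 *e = (struct raw_dirent64 *)(buf + pos);
            n++;
            pos += e->d_reclen;
        }
    }
    close(fd);
    return n;
}

/* Number of entries the kernel reports but libc does not.
 * 0 = consistent, >0 = something is filtering readdir, -1 = error. */
long hidden_entry_delta(const char *path) {
    long via_libc = count_via_readdir(path);
    long via_kernel = count_via_getdents64(path);
    if (via_libc < 0 || via_kernel < 0) return -1;
    return via_kernel - via_libc;
}

int main(int argc, char **argv) {
    const char *path = argc > 1 ? argv[1] : ".";
    long delta = hidden_entry_delta(path);
    if (delta < 0) { perror(path); return 2; }
    printf("%s: %ld entries hidden from libc\n", path, delta);
    return delta > 0 ? 1 : 0;
}
```

Two caveats when using this on a live box: a preload library can in principle also interpose libc's `syscall()` wrapper, so compile the checker statically (`-static`), which the dynamic loader and therefore LD_PRELOAD never touch; and a directory that changes between the two scans will produce a spurious non-zero delta, so re-run on a mismatch before drawing conclusions.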
Reviewed by 0x000216 on Monday, February 17, 2014