module
Rootkit Privilege Escalation Signal Hunter
| Disclosed |
|---|
| Nov 7, 2013 |
Description
This module searches for rootkits which use signals to elevate
process privileges to UID 0 (root).
Some rootkits install signal handlers which listen for specific
signals to elevate process privileges. This module identifies these
rootkits by sending signals and observing UID switching to root.
This module has been tested successfully with:
- Singularity 5b6c4b6 (2025-10-19) on Ubuntu 24.04, kernel 6.14.0-33-generic (x64);
- Diamorphine 2337293 (2023-09-20) on Ubuntu 22.04, kernel 5.19.0-38-generic (x64);
- Codeine 9644336 (2025-09-02) on Ubuntu 22.04, kernel 5.19.0-38-generic (x64).
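
A passive, defender-side counterpart to the check described above, as an added example that is not part of the module's code: it reads the `Uid:` line from `/proc/<pid>/status` snapshots and flags a process that switches to UID 0 while still running the same executable. The snapshot record layout, the function names and the sample data are assumptions made for illustration, as is the heuristic that an unprivileged process normally reaches UID 0 only by executing a setuid-root binary.

```python
# Added example, not Metasploit module code. Assumes snapshots of
# /proc/<pid>/status and the /proc/<pid>/exe target are collected elsewhere.
UID_FIELDS = ("real", "effective", "saved", "fs")

def parse_uids(status_text):
    """Return the four UIDs from the 'Uid:' line of /proc/<pid>/status."""
    for line in status_text.splitlines():
        if line.startswith("Uid:"):
            values = line.split()[1:]
            if len(values) != len(UID_FIELDS):
                raise ValueError("malformed Uid line: %r" % line)
            return dict(zip(UID_FIELDS, (int(v) for v in values)))
    raise ValueError("no Uid line in status text")

def find_unexplained_root(snapshots):
    """Flag processes that gain UID 0 while still running the same executable.
    Heuristic (assumption): a legitimate switch to UID 0 goes through exec of a
    setuid-root binary, which changes the exe path; this one did not."""
    last_seen = {}  # (pid, start time) -> (exe, uids); start time guards PID reuse
    findings = []
    for snap in sorted(snapshots, key=lambda s: s["ts"]):
        key = (snap["pid"], snap["start"])
        uids = parse_uids(snap["status"])
        prev = last_seen.get(key)
        if prev is not None:
            prev_exe, prev_uids = prev
            was_unprivileged = all(v != 0 for v in prev_uids.values())
            gained = [f for f in UID_FIELDS if uids[f] == 0]
            if was_unprivileged and gained and snap["exe"] == prev_exe:
                findings.append((snap["ts"], snap["pid"], snap["exe"], gained))
        last_seen[key] = (snap["exe"], uids)
    return findings

def make_snapshot(ts, pid, start, exe, *uids):
    """Build one constructed snapshot record (hypothetical layout)."""
    body = "Name:\tdemo\nUid:\t%d\t%d\t%d\t%d\nGid:\t1000\t1000\t1000\t1000\n" % uids
    return {"ts": ts, "pid": pid, "start": start, "exe": exe, "status": body}

# Constructed sample data, not captured from a real host.
SAMPLE = [
    make_snapshot(1, 4100, 900, "/usr/bin/bash", 1000, 1000, 1000, 1000),
    make_snapshot(2, 4100, 900, "/usr/bin/bash", 0, 0, 0, 0),      # same exe, now root
    make_snapshot(1, 4200, 950, "/usr/bin/bash", 1000, 1000, 1000, 1000),
    make_snapshot(2, 4200, 950, "/usr/bin/sudo", 1000, 0, 0, 0),   # setuid exec
    make_snapshot(3, 4100, 990, "/usr/sbin/cron", 0, 0, 0, 0),     # reused PID
]

if __name__ == "__main__":
    print(find_unexplained_root(SAMPLE))
```

Only the first process is reported: the second changed executable when it gained an effective UID of 0, and the third is a different process that reused the PID.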