POC Linux kernel rootkit hooking mechanisms for my OnlyMalware talk given on 10/8/2025.
The POC is meant for educational purposes, and the Obsidian-generated markdown for this talk can be found under the docs/ directory.
Shout out to Lavender for recording the talk, which can be viewed on YT here.
The code features IBT toggling for dealing with constraints when using ftrace (this seemed to have been addressed in later kernel versions).
Compiled and built on 6.16.10-arch1-1 (Arch Linux).
Should work on Linux kernel versions >= 5.7.