BEURK - Experimental Unix RootKit
Date: 2015-08-14

BEURK is a userland preload rootkit for GNU/Linux, heavily focused on anti-debugging and anti-detection.

Features:

  • Hide attacker files and directories
  • Realtime log cleanup (on utmp/wtmp)
  • Anti process and login detection
  • Bypass unhide, lsof, ps, ldd, netstat analysis
  • Furtive PTY backdoor client

Usage:

  • Compile
    git clone https://github.com/unix-thrust/beurk.git
    cd beurk
    make

