    Features

    Connection

    Password Protection

    Command Execution

    Crypto

    Bonus Features

    Fileless Dropper & Rootkit Loader

    Stages 1 & 2: in-memory payload staging and LKM insertion

    Stealth Hooks & daniel.* Commands

    Hiding files, modules, PIDs, plus our rmdir() command channel

    Encrypted C2, Persistence & Auth

    Heartbeat threads, autoload, and password protection

    Symbol Resolution & Ftrace Hooks

    How we locate sys_call_table and intercept syscalls via ftrace

    Remote Exec & File Transfer

    Run commands, upload & download files over our encrypted channel


    © 2025 Tux Fan Club. Built with Lotus Docs