{"id":8645,"date":"2020-01-28T18:14:36","date_gmt":"2020-01-28T12:44:36","guid":{"rendered":"http:\/\/kalilinuxtutorials.com\/?p=8645"},"modified":"2020-01-28T18:14:36","modified_gmt":"2020-01-28T12:44:36","slug":"agentsmith-hids","status":"publish","type":"post","link":"https:\/\/kalilinuxtutorials.com\/agentsmith-hids\/","title":{"rendered":"AgentSmith-HIDS : Open Source Host-based Intrusion Detection System"},"content":{"rendered":"\n<p>Technically, AgentSmith-HIDS is not a Host-based Intrusion Detection System (HIDS), because it lacks a rule engine and detection functions. However, it can be used as a high-performance &#8216;Host Information Collect Agent&#8217; as part of your own HIDS solution.<\/p>\n\n\n\n<p>The comprehensiveness of the information this agent can collect was one of the most important metrics while developing the project, so it was built to run in the kernel stack, which gives it large advantages over agents that run in the user stack, such as:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Better performance<\/strong>: the information needed is collected in the kernel stack, which avoids supplementary actions such as traversing &#8216;\/proc&#8217;; and to speed up data transport, the collected data is transferred via shared memory instead of netlink.<\/li><li><strong>Hard to bypass<\/strong>: information collection is powered by a purpose-built kernel driver, which makes it almost impossible for malicious software such as rootkits, which deliberately hide themselves, to evade detection.<\/li><li><strong>Easy to integrate<\/strong>: AgentSmith-HIDS was built to integrate with other applications and can be used not only as a security tool but also as a good monitoring tool, or even as a good detector of your assets. The agent collects users, files, processes and network connections for you, so imagine integrating it with a CMDB: you could get a comprehensive map of your network, hosts, containers and business applications (even their dependencies). What if you also have a database audit tool at hand? The map can then be extended to cover the relationships between your databases, DB users, tables, fields, applications, network, hosts and containers. Integrating with a network intrusion detection system and\/or threat intelligence could raise traceability further still. It just never gets old.<\/li><li><strong>Kernel stack + User stack<\/strong>: AgentSmith-HIDS also provides a user stack module that further extends the functionality of the kernel stack module.<\/li><\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><a href=\"https:\/\/github.com\/EBWi11\/AgentSmith-HIDS#major-abilities-of-agentsmith-hids\">Major abilities of AgentSmith-HIDS<\/a><\/h3>\n\n\n\n<ul class=\"wp-block-list\"><li>The kernel stack module hooks <strong>execve, connect, process inject, create file, DNS query, load LKM<\/strong> behaviors via Kprobe, and can also monitor containers because it is compatible with Linux namespaces.<\/li><li>The user stack module provides built-in detection functions, including queries of the <strong>User List<\/strong>, <strong>Listening ports list<\/strong>, <strong>System RPM list<\/strong> and <strong>Schedule jobs<\/strong>.<\/li><li><strong>AntiRootkit<\/strong>, adapted from <a href=\"https:\/\/github.com\/nbulischeck\/tyton\">Tyton<\/a>; for now it adds the <strong>PROC_FILE_HOOK<\/strong>, <strong>SYSCALL_HOOK<\/strong>, <strong>LKM_HIDDEN<\/strong> and <strong>INTERRUPTS_HOOK<\/strong> features, but only works on Kernel &gt; 3.10.<\/li><li>Cred Change monitoring (except sudo\/su\/sshd)<\/li><li>User Login monitoring<\/li><\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><a href=\"https:\/\/github.com\/EBWi11\/AgentSmith-HIDS#about-the-compatibility-with-kernel-version\">About the compatibility with Kernel version<\/a><\/h3>\n\n\n\n<ul class=\"wp-block-list\"><li>Kernel &gt; 2.6.25<\/li><li>AntiRootKit &gt; 3.10<\/li><\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><a href=\"https:\/\/github.com\/EBWi11\/AgentSmith-HIDS#about-the-compatibility-with-containers\">About the compatibility with Containers<\/a><\/h3>\n\n\n\n<figure class=\"wp-block-table is-style-stripes\"><table class=\"\"><thead><tr><th class=\"has-text-align-center\" data-align=\"center\">Source<\/th><th class=\"has-text-align-center\" data-align=\"center\">Nodename<\/th><\/tr><\/thead><tbody><tr><td class=\"has-text-align-center\" data-align=\"center\">Host<\/td><td class=\"has-text-align-center\" data-align=\"center\">hostname<\/td><\/tr><tr><td class=\"has-text-align-center\" data-align=\"center\">Docker<\/td><td class=\"has-text-align-center\" data-align=\"center\">container name<\/td><\/tr><tr><td class=\"has-text-align-center\" data-align=\"center\">k8s<\/td><td class=\"has-text-align-center\" data-align=\"center\">pod name<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\"><a href=\"https:\/\/github.com\/EBWi11\/AgentSmith-HIDS#composition-of-agentsmith-hids\">Composition of AgentSmith-HIDS<\/a><\/h3>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Kernel stack module (LKM)<\/strong>\nHooks key functions via Kprobe to capture the information needed.<\/li><li><strong>User stack module<\/strong>\nCollects the data captured by the kernel stack module, performs the necessary processing and sends it to Kafka;\nKeeps sending heartbeat packets to the server so that process integrity can be verified;\nExecutes commands received from the server.<\/li><li><strong>Agent Server<\/strong> (Optional)\nSends commands to the user stack module and monitors its status.<\/li><\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><a href=\"https:\/\/github.com\/EBWi11\/AgentSmith-HIDS#execve-hook\">Execve Hook<\/a><\/h3>\n\n\n\n<p>Achieved by hooking <strong>sys_execve()\/sys_execveat()\/compat_sys_execve()\/compat_sys_execveat()<\/strong>, example:<\/p>\n\n\n\n<p class=\"has-text-color has-background has-vivid-green-cyan-color has-very-dark-gray-background-color\">{<br>     \"uid\":\"0\",<br>     \"data_type\":\"59\",<br>     \"run_path\":\"\/opt\/ltp\/testcases\/bin\/growfiles\",<br>     \"exe\":\"\/opt\/ltp\/testcases\/bin\/growfiles\",<br>     \"argv\":\"growfiles -W gf26 -D 0 -b -i 0 -L 60 -u -B 1000b -e 1 -r 128-32768:128 -R 512-64000 -T 4 -f gfsmallio-35861 -d \/tmp\/ltp-Ujxl8kKsKY \",<br>     \"pid\":\"35861\",<br>     \"ppid\":\"35711\",<br>     \"pgid\":\"35861\",<br>     \"tgid\":\"35861\",<br>     \"comm\":\"growfiles\",<br>     \"nodename\":\"test\",<br>     \"stdin\":\"\/dev\/pts\/1\",<br>     \"stdout\":\"\/dev\/pts\/1\",<br>     \"sessionid\":\"3\",<br>     \"dip\":\"192.168.165.1\",<br>     \"dport\":\"61726\",<br>     \"sip\":\"192.168.165.128\",<br>     \"sport\":\"22\",<br>     \"sa_family\":\"1\",<br>     
\"pid_tree\":\"1(systemd)-&gt;1384(sshd)-&gt;2175(sshd)-&gt;2177(bash)-&gt;2193(fish)-&gt;35552(runltp)-&gt;35711(ltp-pan)-&gt;35861(growfiles)\",<br>     \"tty_name\":\"pts1\",<br>     \"socket_process_pid\":\"2175\",<br>     \"socket_process_exe\":\"\/usr\/sbin\/sshd\",<br>     \"SSH_CONNECTION\":\"192.168.165.1 61726 192.168.165.128 22\",<br>     \"LD_PRELOAD\":\"\/root\/ldpreload\/test.so\",<br>     \"user\":\"root\",<br>     \"time\":\"1579575429143\",<br>     \"local_ip\":\"192.168.165.128\",<br>     \"hostname\":\"test\",<br>     \"exe_md5\":\"01272152d4901fd3c2efacab5c0e38e5\",<br>     \"socket_process_exe_md5\":\"686cd72b4339da33bfb6fe8fb94a301f\"<br>}<\/p>\n\n\n\n<p><strong>Connect Hook<\/strong><\/p>\n\n\n\n<p>Achieved by hooking <strong>sys_connect()<\/strong>, example:<\/p>\n\n\n\n<p class=\"has-text-color has-background has-vivid-green-cyan-color has-very-dark-gray-background-color\">{<br>     \"uid\":\"0\",<br>     \"data_type\":\"42\",<br>     \"sa_family\":\"2\",<br>     \"fd\":\"4\",<br>     \"dport\":\"1025\",<br>     \"dip\":\"180.101.49.11\",<br>     \"exe\":\"\/usr\/bin\/ping\",<br>     \"pid\":\"6294\",<br>     \"ppid\":\"1941\",<br>     \"pgid\":\"6294\",<br>     \"tgid\":\"6294\",<br>     \"comm\":\"ping\",<br>     \"nodename\":\"test\",<br>     \"sip\":\"192.168.165.153\",<br>     \"sport\":\"45524\",<br>     \"res\":\"0\",<br>     \"sessionid\":\"1\",<br>     \"user\":\"root\",<br>     \"time\":\"1575721921240\",<br>     \"local_ip\":\"192.168.165.153\",<br>     \"hostname\":\"test\",<br>     \"exe_md5\":\"735ae70b4ceb8707acc40bc5a3d06e04\"<br>}<\/p>\n\n\n\n<p><strong>DNS Query Hook<\/strong><\/p>\n\n\n\n<p>Achieved by hooking <strong>sys_recvfrom()<\/strong>, example:<\/p>\n\n\n\n<p class=\"has-text-color has-background has-vivid-green-cyan-color has-very-dark-gray-background-color\">{<br>     \"uid\":\"0\",<br>     \"data_type\":\"601\",<br>     \"sa_family\":\"2\",<br>     \"fd\":\"4\",<br>     \"dport\":\"53\",<br>     \"dip\":\"192.168.165.2\",<br>     \"exe\":\"\/usr\/bin\/ping\",<br>     \"pid\":\"6294\",<br>     \"ppid\":\"1941\",<br>     \"pgid\":\"6294\",<br>     \"tgid\":\"6294\",<br>     \"comm\":\"ping\",<br>     \"nodename\":\"test\",<br>     \"sip\":\"192.168.165.153\",<br>     \"sport\":\"53178\",<br>     \"qr\":\"1\",<br>     \"opcode\":\"0\",<br>     \"rcode\":\"0\",<br>     \"query\":\"www.baidu.com\",<br>     \"sessionid\":\"1\",<br>     \"user\":\"root\",<br>     \"time\":\"1575721921240\",<br>     \"local_ip\":\"192.168.165.153\",<br>     \"hostname\":\"test\",<br>     \"exe_md5\":\"39c45487a85e26ce5755a893f7e88293\"<br>}<\/p>\n\n\n\n<p><strong>Create File Hook<\/strong><\/p>\n\n\n\n<p>Achieved by hooking <strong>security_inode_create()<\/strong>, example:<\/p>\n\n\n\n<p class=\"has-text-color has-background has-vivid-green-cyan-color has-very-dark-gray-background-color\">{<br>     \"uid\":\"0\",<br>     \"data_type\":\"602\",<br>     \"exe\":\"\/usr\/lib\/jvm\/java-1.8.0-openjdk-1.8.0.232.b09-0.el7_7.x86_64\/jre\/bin\/java\",<br>     \"file_path\":\"\/tmp\/kafka-logs\/replication-offset-checkpoint.tmp\",<br>     \"pid\":\"3341\",<br>     \"ppid\":\"1\",<br>     \"pgid\":\"2657\",<br>     \"tgid\":\"2659\",<br>     \"comm\":\"kafka-scheduler\",<br>     \"nodename\":\"test\",<br>     \"sessionid\":\"3\",<br>     \"user\":\"root\",<br>     \"time\":\"1575721984257\",<br>     \"local_ip\":\"192.168.165.153\",<br>     \"hostname\":\"test\",<br>     \"exe_md5\":\"215be70a38c3a2e14e09d637c85d5311\",<br>     \"create_file_md5\":\"d41d8cd98f00b204e9800998ecf8427e\"<br>}<\/p>\n\n\n\n<p><strong>Process Inject Hook<\/strong><\/p>\n\n\n\n<p>Achieved by hooking <strong>sys_ptrace()<\/strong>, example:<\/p>\n\n\n\n<p class=\"has-text-color has-background has-vivid-green-cyan-color has-very-dark-gray-background-color\">{<br>     \"uid\":\"0\",<br>     \"data_type\":\"101\",<br>     \"ptrace_request\":\"4\",<br>     \"target_pid\":\"7402\",<br>     \"addr\":\"00007ffe13011ee6\",<br>     \"data\":\"-a\",<br>     \"exe\":\"\/root\/ptrace\/ptrace\",<br>     \"pid\":\"7401\",<br>     \"ppid\":\"1941\",<br>     \"pgid\":\"7401\",<br>     \"tgid\":\"7401\",<br>     \"comm\":\"ptrace\",<br>     \"nodename\":\"test\",<br>     \"sessionid\":\"1\",<br>     \"user\":\"root\",<br>     \"time\":\"1575722717065\",<br>     \"local_ip\":\"192.168.165.153\",<br>     \"hostname\":\"test\",<br>     \"exe_md5\":\"863293f9fcf1af7afe5797a4b6b7aa0a\"<br>}<\/p>\n\n\n\n<p><strong>Load LKM File Hook<\/strong><\/p>\n\n\n\n<p>Achieved by hooking <strong>load_module()<\/strong>, example:<\/p>\n\n\n\n<p class=\"has-text-color has-background has-vivid-green-cyan-color has-very-dark-gray-background-color\">{<br>     \"uid\":\"0\",<br>     \"data_type\":\"603\",<br>     \"exe\":\"\/usr\/bin\/kmod\",<br>     \"lkm_file\":\"\/root\/ptrace\/ptrace\",<br>     \"pid\":\"29461\",<br>     \"ppid\":\"9766\",<br>     \"pgid\":\"29461\",<br>     \"tgid\":\"29461\",<br>     \"comm\":\"insmod\",<br>     \"nodename\":\"test\",<br>     \"sessionid\":\"13\",<br>     \"user\":\"root\",<br>     \"time\":\"1577212873791\",<br>     \"local_ip\":\"192.168.165.152\",<br>     \"hostname\":\"test\",<br>     \"exe_md5\":\"0010433ab9105d666b044779f36d6d1e\",<br>     \"load_file_md5\":\"863293f9fcf1af7afe5797a4b6b7aa0a\"<br>}<\/p>\n\n\n\n<p><strong>Cred Change Hook<\/strong><\/p>\n\n\n\n<p>Achieved by hooking <strong>commit_creds()<\/strong>, example:<\/p>\n\n\n\n<p class=\"has-text-color has-background has-vivid-green-cyan-color has-very-dark-gray-background-color\">{<br>     \"uid\":\"0\",<br>     \"data_type\":\"604\",<br>     \"exe\":\"\/tmp\/tt\",<br>     \"pid\":\"27737\",<br>     \"ppid\":\"26865\",<br>     \"pgid\":\"27737\",<br>     \"tgid\":\"27737\",<br>     \"comm\":\"tt\",<br>     \"old_uid\":\"1000\",<br>     \"nodename\":\"test\",<br>     \"sessionid\":\"42\",<br>     \"user\":\"root\",<br>     \"time\":\"1578396197131\",<br>     \"local_ip\":\"192.168.165.152\",<br>     \"hostname\":\"test\",<br>     \"exe_md5\":\"d99a695d2dc4b5099383f30964689c55\"<br>}<\/p>\n\n\n\n<p><strong>User Login Alert<\/strong><\/p>\n\n\n\n<p class=\"has-text-color has-background has-vivid-green-cyan-color has-very-dark-gray-background-color\">{<br>     \"data_type\":\"1001\",<br>     \"status\":\"Failed\",<br>     \"type\":\"password\",<br>     \"user_exsit\":\"false\",<br>     \"user\":\"sad\",<br>     \"from_ip\":\"192.168.165.1\",<br>     \"port\":\"63089\",<br>     \"processor\":\"ssh2\",<br>     \"time\":\"1578405483119\",<br>     \"local_ip\":\"192.168.165.128\",<br>     \"hostname\":\"localhost.localdomain\"<br>}<\/p>\n\n\n\n<p><strong>PROC File Hook Alert<\/strong><\/p>\n\n\n\n<p class=\"has-text-color has-background has-vivid-green-cyan-color has-very-dark-gray-background-color\">{<br>     \"uid\":\"-1\",<br>     \"data_type\":\"700\",<br>     \"module_name\":\"autoipv6\",<br>     \"hidden\":\"0\",<br>     \"time\":\"1578384987766\",<br>     \"local_ip\":\"192.168.165.152\",<br>     \"hostname\":\"test\"<br>}<\/p>\n\n\n\n<p><strong>Syscall Hook Alert<\/strong><\/p>\n\n\n\n<p class=\"has-text-color has-background has-vivid-green-cyan-color has-very-dark-gray-background-color\">{<br>     \"uid\":\"-1\",<br>     \"data_type\":\"701\",<br>     \"module_name\":\"diamorphine\",<br>     \"hidden\":\"1\",<br>     \"syscall_number\":\"78\",<br>     \"time\":\"1578384927606\",<br>     \"local_ip\":\"192.168.165.152\",<br>     \"hostname\":\"test\"<br>}<\/p>\n\n\n\n<p><strong>LKM Hidden Alert<\/strong><\/p>\n\n\n\n<p class=\"has-text-color has-background has-vivid-green-cyan-color has-very-dark-gray-background-color\">{<br>     \"uid\":\"-1\",<br>     \"data_type\":\"702\",<br>     \"module_name\":\"diamorphine\",<br>     \"hidden\":\"1\",<br>     \"time\":\"1578384927606\",<br>     \"local_ip\":\"192.168.165.152\",<br>     \"hostname\":\"test\"<br>}<\/p>\n\n\n\n<p><strong>Interrupts Hook Alert<\/strong><\/p>\n\n\n\n<p class=\"has-text-color has-background has-vivid-green-cyan-color has-very-dark-gray-background-color\">{<br>     \"uid\":\"-1\",<br>     \"data_type\":\"703\",<br>     \"module_name\":\"syshook\",<br>     \"hidden\":\"1\",<br>     \"interrupt_number\":\"2\",<br>     \"time\":\"1578384927606\",<br>     \"local_ip\":\"192.168.165.152\",<br>     \"hostname\":\"test\"<br>}<\/p>\n\n\n\n<p><strong>About Performance of AgentSmith-HIDS<\/strong><\/p>\n\n\n\n<p>Testing Environment:<\/p>\n\n\n\n<figure class=\"wp-block-table is-style-stripes\"><table class=\"\"><thead><tr><th 
class=\"has-text-align-center\" data-align=\"center\">CPU<\/th><th class=\"has-text-align-center\" data-align=\"center\">Intel(R) Core(TM) i7-4870HQ CPU @ 2.50GHz 2 Core<\/th><\/tr><\/thead><tbody><tr><td class=\"has-text-align-center\" data-align=\"center\">RAM<\/td><td class=\"has-text-align-center\" data-align=\"center\">2GB<\/td><\/tr><tr><td class=\"has-text-align-center\" data-align=\"center\">OS\/Kernel<\/td><td class=\"has-text-align-center\" data-align=\"center\">Centos7  \/  3.10.0-1062.7.1.el7.x86_64<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>Testing Result:<\/p>\n\n\n\n<figure class=\"wp-block-table is-style-stripes\"><table class=\"\"><thead><tr><th class=\"has-text-align-center\" data-align=\"center\">Hook Handler<\/th><th class=\"has-text-align-center\" data-align=\"center\">Average Delay(us)<\/th><\/tr><\/thead><tbody><tr><td class=\"has-text-align-center\" data-align=\"center\">execve_entry_handler<\/td><td class=\"has-text-align-center\" data-align=\"center\">10.4<\/td><\/tr><tr><td class=\"has-text-align-center\" data-align=\"center\">connect_handler<\/td><td class=\"has-text-align-center\" data-align=\"center\">7.5<\/td><\/tr><tr><td class=\"has-text-align-center\" data-align=\"center\">connect_entry_handler<\/td><td class=\"has-text-align-center\" data-align=\"center\">0.06<\/td><\/tr><tr><td class=\"has-text-align-center\" data-align=\"center\">recvfrom_handler<\/td><td class=\"has-text-align-center\" data-align=\"center\">9.2<\/td><\/tr><tr><td class=\"has-text-align-center\" data-align=\"center\">recvfrom_entry_handler<\/td><td class=\"has-text-align-center\" data-align=\"center\">0.17<\/td><\/tr><tr><td class=\"has-text-align-center\" data-align=\"center\">fsnotify_post_handler<\/td><td class=\"has-text-align-center\" data-align=\"center\">0.07<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<div class=\"wp-block-button aligncenter is-style-outline is-style-outline--1\"><a class=\"wp-block-button__link has-background 
has-vivid-cyan-blue-background-color\" href=\"https:\/\/github.com\/EBWi11\/AgentSmith-HIDS#syscall-hook-alert\"><strong>Download<\/strong><\/a><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Technically, AgentSmith-HIDS is not a Host-based Intrusion Detection System (HIDS) due to lack of rule engine and detection function. However, it can be used as a high performance &#8216;Host Information Collect Agent&#8217; as part of your own HIDS solution. The comprehensiveness of information which can be collected by this agent was one of the most [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":16068,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/1.bp.blogspot.com\/-KsqPNVQS4jw\/Xi9Ech0O-EI\/AAAAAAAAEoE\/NhTPi4P9iKw3OEYJReHSDtelVB2lYekrACLcBGAsYHQ\/s1600\/Demoo.gif","fifu_image_alt":"AgentSmith-HIDS : Open Source Host-based Intrusion Detection System","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[28],"tags":[112,1507],"class_list":["post-8645","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-kali","tag-agentsmith-hids","tag-hids"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>AgentSmith-HIDS : Open Source Host-based Intrusion Detection System<\/title>\n<meta name=\"description\" content=\"Technically, AgentSmith-HIDS is not a Host-based Intrusion Detection System (HIDS) due to lack of rule engine and detection function.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/kalilinuxtutorials.com\/agentsmith-hids\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"AgentSmith-HIDS : Open 
Source Host-based Intrusion Detection System\" \/>\n<meta property=\"og:description\" content=\"Technically, AgentSmith-HIDS is not a Host-based Intrusion Detection System (HIDS) due to lack of rule engine and detection function.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/kalilinuxtutorials.com\/agentsmith-hids\/\" \/>\n<meta property=\"og:site_name\" content=\"Kali Linux Tutorials\" \/>\n<meta property=\"article:published_time\" content=\"2020-01-28T12:44:36+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/1.bp.blogspot.com\/-KsqPNVQS4jw\/Xi9Ech0O-EI\/AAAAAAAAEoE\/NhTPi4P9iKw3OEYJReHSDtelVB2lYekrACLcBGAsYHQ\/s1600\/Demoo.gif\" \/>\n<meta name=\"author\" content=\"R K\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/1.bp.blogspot.com\/-KsqPNVQS4jw\/Xi9Ech0O-EI\/AAAAAAAAEoE\/NhTPi4P9iKw3OEYJReHSDtelVB2lYekrACLcBGAsYHQ\/s1600\/Demoo.gif\" \/>\n<meta name=\"twitter:creator\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:site\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"R K\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/agentsmith-hids\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/agentsmith-hids\/\"},\"author\":{\"name\":\"R K\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad\"},\"headline\":\"AgentSmith-HIDS : Open Source Host-based Intrusion Detection System\",\"datePublished\":\"2020-01-28T12:44:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/agentsmith-hids\/\"},\"wordCount\":1127,\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/agentsmith-hids\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/1.bp.blogspot.com\/-KsqPNVQS4jw\/Xi9Ech0O-EI\/AAAAAAAAEoE\/NhTPi4P9iKw3OEYJReHSDtelVB2lYekrACLcBGAsYHQ\/s1600\/Demoo.gif\",\"keywords\":[\"AgentSmith-HIDS\",\"HIDS\"],\"articleSection\":[\"Kali Linux\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/agentsmith-hids\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/agentsmith-hids\/\",\"name\":\"AgentSmith-HIDS : Open Source Host-based Intrusion Detection System\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/agentsmith-hids\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/agentsmith-hids\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/1.bp.blogspot.com\/-KsqPNVQS4jw\/Xi9Ech0O-EI\/AAAAAAAAEoE\/NhTPi4P9iKw3OEYJReHSDtelVB2lYekrACLcBGAsYHQ\/s1600\/Demoo.gif\",\"datePublished\":\"2020-01-28T12:44:36+00:00\",\"description\":\"Technically, AgentSmith-HIDS is not a Host-based Intrusion Detection System (HIDS) due to lack of rule engine and detection 
function.\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/kalilinuxtutorials.com\/agentsmith-hids\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/agentsmith-hids\/#primaryimage\",\"url\":\"https:\/\/1.bp.blogspot.com\/-KsqPNVQS4jw\/Xi9Ech0O-EI\/AAAAAAAAEoE\/NhTPi4P9iKw3OEYJReHSDtelVB2lYekrACLcBGAsYHQ\/s1600\/Demoo.gif\",\"contentUrl\":\"https:\/\/1.bp.blogspot.com\/-KsqPNVQS4jw\/Xi9Ech0O-EI\/AAAAAAAAEoE\/NhTPi4P9iKw3OEYJReHSDtelVB2lYekrACLcBGAsYHQ\/s1600\/Demoo.gif\"},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"name\":\"Kali Linux Tutorials\",\"description\":\"Kali Linux Tutorials\",\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/kalilinuxtutorials.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\",\"name\":\"Kali Linux Tutorials\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"contentUrl\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"width\":272,\"height\":90,\"caption\":\"Kali Linux 
Tutorials\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/CyberEdition\",\"https:\/\/www.threads.com\/@cybersecurityedition\",\"https:\/\/www.linkedin.com\/company\/cyberedition\",\"https:\/\/www.instagram.com\/cybersecurityedition\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad\",\"name\":\"R K\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g\",\"caption\":\"R K\"},\"url\":\"https:\/\/kalilinuxtutorials.com\/author\/ranjith\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","jetpack_featured_media_url":"https:\/\/1.bp.blogspot.com\/-KsqPNVQS4jw\/Xi9Ech0O-EI\/AAAAAAAAEoE\/NhTPi4P9iKw3OEYJReHSDtelVB2lYekrACLcBGAsYHQ\/s1600\/Demoo.gif","jetpack_sharing_enabled":true}
Thanks to all\u00a0contributors, you're awesome and wouldn't be possible without you! The goal is to build a categorized community-driven collection of very well-known resources. Awesome Security Network Scanning \/ Pentesting Monitoring \/ Logging IDS\u2026","rel":"","context":"In &quot;Cyber security&quot;","block_context":{"text":"Cyber security","link":"https:\/\/kalilinuxtutorials.com\/category\/cyber-security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjDCY_P_WCdx-sIy9IKcYFKo65-LloxgwXpMLKs0PwVOL2yGelMKfASEVgVpMYhGshXNMel0pusBmAQ7w02u0-xEYTiNCJbRmCtY2OsrSXPRVUbXa4oGxpGhEpQZDvLMkItJC1MPH9lGYEFjWcdvW7uMWTrWU_0hO454wYvexHX5V8FkUS_XX7c9ceJvP9_\/s16000\/Awesome%20AppSec%20%282%29.webp?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjDCY_P_WCdx-sIy9IKcYFKo65-LloxgwXpMLKs0PwVOL2yGelMKfASEVgVpMYhGshXNMel0pusBmAQ7w02u0-xEYTiNCJbRmCtY2OsrSXPRVUbXa4oGxpGhEpQZDvLMkItJC1MPH9lGYEFjWcdvW7uMWTrWU_0hO454wYvexHX5V8FkUS_XX7c9ceJvP9_\/s16000\/Awesome%20AppSec%20%282%29.webp?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjDCY_P_WCdx-sIy9IKcYFKo65-LloxgwXpMLKs0PwVOL2yGelMKfASEVgVpMYhGshXNMel0pusBmAQ7w02u0-xEYTiNCJbRmCtY2OsrSXPRVUbXa4oGxpGhEpQZDvLMkItJC1MPH9lGYEFjWcdvW7uMWTrWU_0hO454wYvexHX5V8FkUS_XX7c9ceJvP9_\/s16000\/Awesome%20AppSec%20%282%29.webp?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjDCY_P_WCdx-sIy9IKcYFKo65-LloxgwXpMLKs0PwVOL2yGelMKfASEVgVpMYhGshXNMel0pusBmAQ7w02u0-xEYTiNCJbRmCtY2OsrSXPRVUbXa4oGxpGhEpQZDvLMkItJC1MPH9lGYEFjWcdvW7uMWTrWU_0hO454wYvexHX5V8FkUS_XX7c9ceJvP9_\/s16000\/Awesome%20AppSec%20%282%29.webp?resize=700%2C400&ssl=1 2x, 
https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjDCY_P_WCdx-sIy9IKcYFKo65-LloxgwXpMLKs0PwVOL2yGelMKfASEVgVpMYhGshXNMel0pusBmAQ7w02u0-xEYTiNCJbRmCtY2OsrSXPRVUbXa4oGxpGhEpQZDvLMkItJC1MPH9lGYEFjWcdvW7uMWTrWU_0hO454wYvexHX5V8FkUS_XX7c9ceJvP9_\/s16000\/Awesome%20AppSec%20%282%29.webp?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjDCY_P_WCdx-sIy9IKcYFKo65-LloxgwXpMLKs0PwVOL2yGelMKfASEVgVpMYhGshXNMel0pusBmAQ7w02u0-xEYTiNCJbRmCtY2OsrSXPRVUbXa4oGxpGhEpQZDvLMkItJC1MPH9lGYEFjWcdvW7uMWTrWU_0hO454wYvexHX5V8FkUS_XX7c9ceJvP9_\/s16000\/Awesome%20AppSec%20%282%29.webp?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":35549,"url":"https:\/\/kalilinuxtutorials.com\/blackpill\/","url_meta":{"origin":8645,"position":1},"title":"BlackPill : A Comprehensive Overview Of A Stealthy Linux Rootkit","author":"Varshini","date":"December 30, 2024","format":false,"excerpt":"Dive into the dark intricacies of BlackPill, a sophisticated Linux rootkit engineered in Rust that epitomizes stealth and versatility in cyber threats. This article unravels its multi-faceted modules, from evasion tactics to persistent attacks, outlining how it manipulates system operations to remain undetected. 
Features The rootkit is composed of multiple\u2026","rel":"","context":"In \"BlackPill\"","block_context":{"text":"BlackPill","link":"https:\/\/kalilinuxtutorials.com\/tag\/blackpill\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgAyQNIvQnjHxru0AxBkYqF_-2wfSxwyWRt-aqCQtzV8gmXkmt-beQXaRbHPNJySyeCPH8c33tRHQBkcZm6xAM5Jnj3jOdNteCQI0x9UMAtDWzdxCdbw6Ko9T-UKY64ysMwODxl2jHKtbxDkE9KzMyOHGBn7s5NAUlM52H7R-NklqC3z3EuZfmHCAj3XcKj\/s1600\/BlackPill%20.webp?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgAyQNIvQnjHxru0AxBkYqF_-2wfSxwyWRt-aqCQtzV8gmXkmt-beQXaRbHPNJySyeCPH8c33tRHQBkcZm6xAM5Jnj3jOdNteCQI0x9UMAtDWzdxCdbw6Ko9T-UKY64ysMwODxl2jHKtbxDkE9KzMyOHGBn7s5NAUlM52H7R-NklqC3z3EuZfmHCAj3XcKj\/s1600\/BlackPill%20.webp?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgAyQNIvQnjHxru0AxBkYqF_-2wfSxwyWRt-aqCQtzV8gmXkmt-beQXaRbHPNJySyeCPH8c33tRHQBkcZm6xAM5Jnj3jOdNteCQI0x9UMAtDWzdxCdbw6Ko9T-UKY64ysMwODxl2jHKtbxDkE9KzMyOHGBn7s5NAUlM52H7R-NklqC3z3EuZfmHCAj3XcKj\/s1600\/BlackPill%20.webp?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgAyQNIvQnjHxru0AxBkYqF_-2wfSxwyWRt-aqCQtzV8gmXkmt-beQXaRbHPNJySyeCPH8c33tRHQBkcZm6xAM5Jnj3jOdNteCQI0x9UMAtDWzdxCdbw6Ko9T-UKY64ysMwODxl2jHKtbxDkE9KzMyOHGBn7s5NAUlM52H7R-NklqC3z3EuZfmHCAj3XcKj\/s1600\/BlackPill%20.webp?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgAyQNIvQnjHxru0AxBkYqF_-2wfSxwyWRt-aqCQtzV8gmXkmt-beQXaRbHPNJySyeCPH8c33tRHQBkcZm6xAM5Jnj3jOdNteCQI0x9UMAtDWzdxCdbw6Ko9T-UKY64ysMwODxl2jHKtbxDkE9KzMyOHGBn7s5NAUlM52H7R-NklqC3z3EuZfmHCAj3XcKj\/s1600\/BlackPill%20.webp?resize=1050%2C600&ssl=1 3x, 
https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgAyQNIvQnjHxru0AxBkYqF_-2wfSxwyWRt-aqCQtzV8gmXkmt-beQXaRbHPNJySyeCPH8c33tRHQBkcZm6xAM5Jnj3jOdNteCQI0x9UMAtDWzdxCdbw6Ko9T-UKY64ysMwODxl2jHKtbxDkE9KzMyOHGBn7s5NAUlM52H7R-NklqC3z3EuZfmHCAj3XcKj\/s1600\/BlackPill%20.webp?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":30908,"url":"https:\/\/kalilinuxtutorials.com\/the-elastic-container-project\/","url_meta":{"origin":8645,"position":2},"title":"The Elastic Container Project &#8211; Streamlining Security Research With A Quick Setup Guide","author":"Varshini","date":"October 17, 2023","format":false,"excerpt":"Stand up a 100% containerized Elastic stack, TLS secured, with Elasticsearch, Kibana, Fleet, and the Detection Engine all pre-configured, enabled and ready to use, within minutes. If you're interested in more details regarding this project and what to do once you have it running, check out our\u00a0blog post\u00a0on the Elastic\u2026","rel":"","context":"In &quot;Cyber security&quot;","block_context":{"text":"Cyber security","link":"https:\/\/kalilinuxtutorials.com\/category\/cyber-security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh4xDMgmlrl_6BYb5KeP7OoXQdvXJC07oI7ewP8Bsx-7Ly97ZqaVSj6NmAHd0RgexpVFo2PyXvjoLtEJIAFo-umFX8_G0N2694grvPpr_w4FvtMw6_Ov16jo0qCKdaD7GwwMmT3nDgNC4zI2KZj_qnnr1t9tlV8MVj2iTr0g6Oht5sYzzOvjlgVANswfUok\/s16000\/Untitled%20design%20%2831%29.webp?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh4xDMgmlrl_6BYb5KeP7OoXQdvXJC07oI7ewP8Bsx-7Ly97ZqaVSj6NmAHd0RgexpVFo2PyXvjoLtEJIAFo-umFX8_G0N2694grvPpr_w4FvtMw6_Ov16jo0qCKdaD7GwwMmT3nDgNC4zI2KZj_qnnr1t9tlV8MVj2iTr0g6Oht5sYzzOvjlgVANswfUok\/s16000\/Untitled%20design%20%2831%29.webp?resize=350%2C200&ssl=1 1x, 
https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh4xDMgmlrl_6BYb5KeP7OoXQdvXJC07oI7ewP8Bsx-7Ly97ZqaVSj6NmAHd0RgexpVFo2PyXvjoLtEJIAFo-umFX8_G0N2694grvPpr_w4FvtMw6_Ov16jo0qCKdaD7GwwMmT3nDgNC4zI2KZj_qnnr1t9tlV8MVj2iTr0g6Oht5sYzzOvjlgVANswfUok\/s16000\/Untitled%20design%20%2831%29.webp?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh4xDMgmlrl_6BYb5KeP7OoXQdvXJC07oI7ewP8Bsx-7Ly97ZqaVSj6NmAHd0RgexpVFo2PyXvjoLtEJIAFo-umFX8_G0N2694grvPpr_w4FvtMw6_Ov16jo0qCKdaD7GwwMmT3nDgNC4zI2KZj_qnnr1t9tlV8MVj2iTr0g6Oht5sYzzOvjlgVANswfUok\/s16000\/Untitled%20design%20%2831%29.webp?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh4xDMgmlrl_6BYb5KeP7OoXQdvXJC07oI7ewP8Bsx-7Ly97ZqaVSj6NmAHd0RgexpVFo2PyXvjoLtEJIAFo-umFX8_G0N2694grvPpr_w4FvtMw6_Ov16jo0qCKdaD7GwwMmT3nDgNC4zI2KZj_qnnr1t9tlV8MVj2iTr0g6Oht5sYzzOvjlgVANswfUok\/s16000\/Untitled%20design%20%2831%29.webp?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh4xDMgmlrl_6BYb5KeP7OoXQdvXJC07oI7ewP8Bsx-7Ly97ZqaVSj6NmAHd0RgexpVFo2PyXvjoLtEJIAFo-umFX8_G0N2694grvPpr_w4FvtMw6_Ov16jo0qCKdaD7GwwMmT3nDgNC4zI2KZj_qnnr1t9tlV8MVj2iTr0g6Oht5sYzzOvjlgVANswfUok\/s16000\/Untitled%20design%20%2831%29.webp?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":11527,"url":"https:\/\/kalilinuxtutorials.com\/dnx-firewall\/","url_meta":{"origin":8645,"position":3},"title":"Dnx Firewall &#8211; A Pure Python Next Generation Firewall Built On Top Of Linux Kernel\/Netfilter","author":"R K","date":"September 25, 2020","format":false,"excerpt":"DNX Firewall is an optimized\/high performance collection of applications or services to convert a standard linux system into a zone based next generation firewall. All software is designed to run in conjunction with eachother, but with a modular design certain aspects can be completely removed with little effort. 
The primary\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":6920,"url":"https:\/\/kalilinuxtutorials.com\/tylium-detection-security-analytics-threat-hunting\/","url_meta":{"origin":8645,"position":4},"title":"Tylium : Primary Data Pipelines For Intrusion Detection, Security Analytics &#038; Threat Hunting","author":"R K","date":"October 17, 2019","format":false,"excerpt":"Tylium is a primary data pipelines for intrusion detection, security analytics and threat hunting. These files contain configuration for producing EDR (endpoint detection and response) data in addition to standard system logs. These configurations enable the production of these data streams using F\/OSS (free and \/ or open source tooling.)\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":9028,"url":"https:\/\/kalilinuxtutorials.com\/netdata\/","url_meta":{"origin":8645,"position":5},"title":"Netdata &#8211; Real-time Performance Monitoring","author":"R K","date":"February 14, 2020","format":false,"excerpt":"Netdata\u00a0is\u00a0distributed, real-time, performance and health monitoring for systems and applications. It is a highly-optimized monitoring agent you install on all your systems and containers. Netdata provides\u00a0unparalleled insights,\u00a0in real-time, of everything happening on the systems it runs (including web servers, databases, applications), using\u00a0highly interactive web dashboards. 
It can run autonomously, without\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/8645","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/comments?post=8645"}],"version-history":[{"count":0,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/8645\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/media\/16068"}],"wp:attachment":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/media?parent=8645"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/categories?post=8645"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/tags?post=8645"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}