EpiRootkit

A Linux Rootkit for kernel 5.4

Published on May 02, 2025


Built with

C

EpiRootkit

Linux kernel rootkit for Ubuntu 20.04 (kernel 5.4) with a Command‑and‑Control backend and a web‑based UI.

Project built during my third year at EPITA under the guidance of Jules Aubert, a goated Advanced Linux System professor.

Live docs: epirootkit.com

Highlights

  • Kernel Module (EpiRootkit): remote command execution, file transfer, authentication, XOR‑encrypted C2 traffic, DNS resolution, stealth, persistence.
  • C2 Backend: manage clients and route commands.
  • Web UI: monitor clients and perform actions.

Group: Tux Fan Club 🐧