Originally posted by andyprough
Thread https://mobile.twitter.com/andreyknv...97975979102217 : "The cool part about eBPF-based rootkits is portability.
A kernel module–based rootkit needs to be rebuilt when a new kernel is deployed."
Fortunately, Debian has recently started disabling unprivileged BPF by default on the sid kernels.