Kernel Rootkit detection with eBPF time tracing
Rootkits are a specialized form of malware, with the goal of absolute stealth.
They have undergone continuous development over time,
as have the efforts to detect them.
This talk presents a detection approach based on time probes that detect the delays
a rootkit introduces.
It is realized with modern eBPF technology.
Additionally, a general overview of rootkits is given.
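To make the idea of an eBPF time probe concrete, here is an added example (not code from the talk or its speaker): a bpftrace script that measures the latency of the getdents64 syscall, which directory-listing tools rely on. The choice of syscall is an assumption; the general idea is that a rootkit hooking a code path to hide files, processes, or connections adds work on every call, and the resulting latency shift against a clean baseline is what a time probe looks for.

```bpftrace
#!/usr/bin/env bpftrace
// Added example: per-call latency histogram for getdents64 via eBPF tracepoints.
// Assumption: a rootkit that filters directory entries hooks this path and
// therefore adds a measurable, consistent delay to each call.

BEGIN
{
    printf("Tracing getdents64 latency... Hit Ctrl-C to end.\n");
}

tracepoint:syscalls:sys_enter_getdents64
{
    // Record the entry timestamp for this thread.
    @start[tid] = nsecs;
}

tracepoint:syscalls:sys_exit_getdents64
/@start[tid]/
{
    // Latency in microseconds, bucketed into a power-of-two histogram.
    @latency_us = hist((nsecs - @start[tid]) / 1000);
    delete(@start[tid]);
}

END
{
    // Drop the per-thread scratch map so only the histogram is printed.
    clear(@start);
}
```

Run it as root against a fixed workload (for example, repeatedly listing the same large directory) on a system known to be clean, keep the printed histogram as a baseline, and later compare the same workload on the system under examination. A histogram that shifts toward higher buckets with no change in load or page-cache state is the kind of anomaly worth investigating; latency also varies legitimately with caching and contention, so always compare like with like.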