CreativeHive-stack/linux-rootkit-detection-lab

GitHub: CreativeHive-stack/linux-rootkit-detection-lab


# Linux Rootkit Detection & Threat Hunting Lab

## Overview

This project documents a hands-on Linux threat hunting and rootkit detection lab environment focused on identifying suspicious activity, monitoring system integrity, and analyzing logs using common defensive security tools.

The objective of this lab was to practice Linux security monitoring techniques commonly used in SOC and blue team environments.

## Objectives

- Detect potential rootkits
- Analyze suspicious processes
- Monitor network activity
- Review authentication logs
- Practice Linux threat hunting techniques
- Improve defensive security skills

## Environment

- Operating System: Kali Linux
- Lab Type: Local Virtual Lab
- Methodology: Defensive Security / Threat Hunting

## Tools Used

- chkrootkit
- rkhunter
- netstat
- tcpdump
- grep
- ps
- lsmod

## Rootkit Detection Commands

### Install Detection Tools

```bash
sudo apt update
sudo apt install chkrootkit rkhunter -y
```

### Scan for Rootkits

```bash
sudo chkrootkit
# rkhunter compares file properties against a stored baseline; run
# `sudo rkhunter --propupd` once on a known-clean system first, or the
# check will report warnings for files it has never seen.
sudo rkhunter --check
```

## Process Inspection

```bash
ps aux | grep root   # note: this also matches the grep process itself
lsmod                # modules hidden from lsmod often still appear under /sys/module
```

Purpose:

- Inspect active root processes
- Review loaded kernel modules
- Identify suspicious behavior

## Log Analysis

```bash
# grep reads the files directly; no need to pipe them through cat
sudo grep -i error /var/log/syslog
sudo grep -i root /var/log/auth.log
# on journald-only systems (no rsyslog) these files are absent; use journalctl instead
```

Purpose:

- Investigate authentication activity
- Review system errors
- Detect unusual login attempts

## Network Monitoring

```bash
sudo netstat -tulnp   # -p only shows other users' PIDs as root; `ss -tulnp` is the modern equivalent
sudo tcpdump -i eth0 port 53
```

Purpose:

- Monitor open network connections
- Analyze DNS traffic
- Detect suspicious outbound communication

## Skills Demonstrated

- Linux administration
- Threat hunting
- Log analysis
- Rootkit detection
- Network monitoring
- Defensive security operations
- SOC analyst fundamentals

## Key Takeaways

This lab strengthened foundational Linux security and threat hunting skills by using real-world defensive security tools and methodologies commonly used by SOC analysts and blue team professionals.
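The auth.log review from the Log Analysis section, carried one step further as an added example that is not part of the lab's original notes: two shell functions that count failed SSH logins per source address and pull out every sshd event targeting the root account. The log lines are constructed sample data in the standard OpenSSH syslog format; the threshold of 3 is an assumed value.

```bash
#!/bin/sh
# Added example (not from the lab's notes): reusable hunting checks over an
# auth.log-style file. Assumes OpenSSH's default syslog message format.

# Print "IP COUNT" for every source address with at least THRESHOLD
# (default 3) "Failed password" events, highest count first.
failed_logins_by_ip() {
  logfile="$1"
  threshold="${2:-3}"
  grep -E 'sshd\[[0-9]+\]: Failed password for' "$logfile" \
    | grep -oE 'from ([0-9]{1,3}\.){3}[0-9]{1,3}' \
    | awk '{ print $2 }' | sort | uniq -c | sort -rn \
    | awk -v t="$threshold" '$1 >= t { print $2, $1 }'
}

# Print every sshd line in which the root account was the target,
# whether the attempt was accepted or failed.
root_login_events() {
  logfile="$1"
  grep -E 'sshd\[[0-9]+\]: (Accepted|Failed) [a-z]+ for (invalid user )?root ' "$logfile"
}

# Constructed sample data: three failures from one address (two against
# root, one against a non-existent user), one failure from a second
# address, one successful root login, and an unrelated cron line.
SAMPLE_AUTH_LOG="$(mktemp)"
cat > "$SAMPLE_AUTH_LOG" <<'EOF'
Mar  4 10:01:02 lab sshd[1201]: Failed password for root from 203.0.113.10 port 40001 ssh2
Mar  4 10:01:05 lab sshd[1201]: Failed password for root from 203.0.113.10 port 40001 ssh2
Mar  4 10:01:09 lab sshd[1203]: Failed password for invalid user admin from 203.0.113.10 port 40003 ssh2
Mar  4 10:02:11 lab sshd[1210]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Mar  4 10:05:30 lab sshd[1222]: Accepted password for root from 203.0.113.10 port 40010 ssh2
Mar  4 10:06:00 lab CRON[1230]: pam_unix(cron:session): session opened for user root by (uid=0)
EOF

echo "== sources with >= 3 failed SSH logins =="
failed_logins_by_ip "$SAMPLE_AUTH_LOG" 3
echo "== events targeting root =="
root_login_events "$SAMPLE_AUTH_LOG"
```

Point both functions at the real `/var/log/auth.log` (with `sudo`) to run the same checks on the lab host; a source that fails repeatedly and then succeeds against root, as in the sample, is the pattern worth escalating.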
## Disclaimer

This project was conducted in a legal lab environment for educational and professional portfolio purposes only.

## Author

Brandon H. Steeno
Aspiring Cybersecurity Analyst & SOC Professional