Here is what each scan mode covers:

Quick Scan (runs in seconds):

  • Check /proc for hidden processes (PID comparison)
  • Verify system binary integrity (hash check of key binaries)
  • Check loaded kernel modules against whitelist
  • Look for common rootkit files/directories
  • Basic network socket analysis

Deep Scan (can take minutes):

  • Everything in Quick Scan, plus:
  • Full filesystem integrity scan (all system binaries)
  • eBPF program enumeration and analysis
  • Kernel symbol table verification
  • System call table integrity check
  • Inline hook detection in kernel functions
  • Memory analysis for hidden processes
  • Network traffic analysis for covert channels
  • Full signature database scan (280+ signatures)
  • Volatilit…
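The first Quick Scan item, the /proc PID comparison, as an added example that is not the project's own code: it diffs the PIDs visible by listing /proc (including thread IDs under /proc/<pid>/task, which also answer kill probes) against PIDs the kernel acknowledges via kill(pid, 0), then re-checks survivors to drop processes that started or exited between the two passes. It assumes a Linux host; the function names and the constructed test input are mine.

```python
import os
from typing import Iterable, Set

def listed_pids(proc_root: str = "/proc") -> Set[int]:
    """PIDs and TIDs visible by enumerating /proc and /proc/<pid>/task.
    TIDs are included because kill(tid, 0) succeeds for non-leader threads,
    so leaving them out produces false 'hidden' hits."""
    seen: Set[int] = set()
    for name in os.listdir(proc_root):
        if not name.isdigit():
            continue
        seen.add(int(name))
        try:
            seen.update(int(t) for t in os.listdir(f"{proc_root}/{name}/task") if t.isdigit())
        except OSError:
            pass  # process exited mid-walk
    return seen

def probe_pid(pid: int) -> bool:
    """True if the kernel knows `pid` (signal 0 delivers nothing).
    EPERM means it exists but belongs to another user."""
    try:
        os.kill(pid, 0)
        return True
    except PermissionError:
        return True
    except ProcessLookupError:
        return False

def probed_pids(max_pid: int) -> Set[int]:
    """Brute-force probe every PID in 1..max_pid."""
    return {pid for pid in range(1, max_pid + 1) if probe_pid(pid)}

def hidden_pids(listed: Iterable[int], probed: Iterable[int]) -> Set[int]:
    """PIDs the kernel acknowledges but the /proc listing does not show.
    Pure set comparison so it can be checked on constructed input."""
    return set(probed) - set(listed)

def read_max_pid(path: str = "/proc/sys/kernel/pid_max") -> int:
    with open(path) as f:
        return int(f.read().strip())

if __name__ == "__main__":
    suspects = hidden_pids(listed_pids(), probed_pids(read_max_pid()))
    # Re-check: a PID that appeared after the listing is a race, not a rootkit.
    confirmed = {p for p in suspects if probe_pid(p) and p not in listed_pids()}
    print("hidden PIDs:", sorted(confirmed) or "none")
```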

Answer selected by bad-antics