T1014
Rootkit
discovered 2026-06-03eBPF kernel rootkit (q2.bpf.c) hides processes via /proc rewriting and TCP sockets via netlink filtering; requires root and absent kernel lockdown for full effect.
View on MITRE ATT&CKeBPF kernel rootkit (q2.bpf.c) hides processes via /proc rewriting and TCP sockets via netlink filtering; requires root and absent kernel lockdown for full effect.
View on MITRE ATT&CKSafeDep keeps analytics anonymous and cookie-free until you opt in. Accepting helps us understand product usage and improve your experience. Privacy Policy
Choose what you share. You can change this anytime from the footer.