Rootkit on Sitihttps://siti.pages.dev/tags/rootkit/Recent content in Rootkit on SitiHugoidWed, 29 Apr 2026 00:00:00 +0000Malware & Rootkit — Teknik Persembunyian Proseshttps://siti.pages.dev/docs/process-hiding/Wed, 29 Apr 2026 00:00:00 +0000https://siti.pages.dev/docs/process-hiding/<h2 id="daftar-isi">Daftar Isi</h2> <ul> <li><a href="https://siti.pages.dev/docs/process-hiding/#bab-1--teknik-persembunyian-proses">Bab 1 — Teknik Persembunyian Proses</a> <ul> <li><a href="https://siti.pages.dev/docs/process-hiding/#11-argv0-masquerading">1.1 argv[0] Masquerading</a></li> <li><a href="https://siti.pages.dev/docs/process-hiding/#12-kernel-thread-spoofing">1.2 Kernel Thread Spoofing</a></li> <li><a href="https://siti.pages.dev/docs/process-hiding/#13-nama-binary-palsu-di-sistem-path">1.3 Nama Binary Palsu di Sistem Path</a></li> <li><a href="https://siti.pages.dev/docs/process-hiding/#14-guard-process--auto-respawn">1.4 Guard Process &amp; Auto-Respawn</a></li> <li><a href="https://siti.pages.dev/docs/process-hiding/#15-systemd-service-palsu">1.5 Systemd Service Palsu</a></li> <li><a href="https://siti.pages.dev/docs/process-hiding/#16-immutable-files-via-chattr">1.6 Immutable Files via chattr</a></li> <li><a href="https://siti.pages.dev/docs/process-hiding/#17-ld_preload-hooking">1.7 LD_PRELOAD Hooking</a></li> <li><a href="https://siti.pages.dev/docs/process-hiding/#18-lkm-rootkit">1.8 LKM Rootkit</a></li> <li><a href="https://siti.pages.dev/docs/process-hiding/#19-ebpf-rootkit">1.9 eBPF Rootkit</a></li> </ul> </li> <li><a href="https://siti.pages.dev/docs/process-hiding/#110-persistence-via-bashrcprofile">Bab 1.10 — Persistence via .bashrc/.profile</a></li> <li><a href="https://siti.pages.dev/docs/process-hiding/#111-perfctl-pola-malware-canggih-di-home">Bab 1.11 — perfctl: Pola Malware Canggih di $HOME</a></li> <li><a href="https://siti.pages.dev/docs/process-hiding/#bab-2--cara-deteksi">Bab 2 — Cara Deteksi</a> <ul> <li><a href="https://siti.pages.dev/docs/process-hiding/#21-bandingkan-proc-vs-ps">2.1 Bandingkan /proc vs ps</a></li> <li><a href="https://siti.pages.dev/docs/process-hiding/#22-deteksi-ghost-process">2.2 Deteksi Ghost Process</a></li> <li><a href="https://siti.pages.dev/docs/process-hiding/#23-cek-binary-di-balik-proses">2.3 Cek Binary di Balik Proses</a></li> <li><a href="https://siti.pages.dev/docs/process-hiding/#24-audit-immutable-files">2.4 Audit Immutable Files</a></li> <li><a href="https://siti.pages.dev/docs/process-hiding/#25-cek-systemd-services-mencurigakan">2.5 Cek Systemd Services Mencurigakan</a></li> <li><a href="https://siti.pages.dev/docs/process-hiding/#26-koneksi-jaringan-tersembunyi">2.6 Koneksi Jaringan Tersembunyi</a></li> <li><a href="https://siti.pages.dev/docs/process-hiding/#27-deteksi-ld_preload-hook">2.7 Deteksi LD_PRELOAD Hook</a></li> <li><a href="https://siti.pages.dev/docs/process-hiding/#28-deteksi-lkm-rootkit">2.8 Deteksi LKM Rootkit</a></li> </ul> </li> <li><a href="https://siti.pages.dev/docs/process-hiding/#bab-3--penanganan--pembersihan">Bab 3 — Penanganan &amp; Pembersihan</a> <ul> <li><a href="https://siti.pages.dev/docs/process-hiding/#31-urutan-pembersihan-yang-benar">3.1 Urutan Pembersihan yang Benar</a></li> <li><a href="https://siti.pages.dev/docs/process-hiding/#32-kill-guard-dulu">3.2 Kill Guard Dulu</a></li> <li><a href="https://siti.pages.dev/docs/process-hiding/#33-hapus-file-immutable">3.3 Hapus File Immutable</a></li> <li><a href="https://siti.pages.dev/docs/process-hiding/#34-bersihkan-persistence">3.4 Bersihkan Persistence</a></li> <li><a href="https://siti.pages.dev/docs/process-hiding/#35-blokir-c2-di-etchosts">3.5 Blokir C2 di /etc/hosts</a></li> </ul> </li> <li><a href="https://siti.pages.dev/docs/process-hiding/#bab-4--studi-kasus-nyata">Bab 4 — Studi Kasus Nyata</a> <ul> <li><a href="https://siti.pages.dev/docs/process-hiding/#41-cluster-gs-dbus--softirq">4.1 Cluster gs-dbus + softirq</a></li> <li><a href="https://siti.pages.dev/docs/process-hiding/#42-rondo-c2-agent">4.2 Rondo C2 Agent</a></li> <li><a href="https://siti.pages.dev/docs/process-hiding/#43-dropper-resh--pakchoi-backdoor">4.3 Dropper re.sh + pakchoi Backdoor</a></li> </ul> </li> </ul> <hr> <h2 id="bab-1--teknik-persembunyian-proses">Bab 1 — Teknik Persembunyian Proses</h2> <p>Malware modern tidak bisa hanya berjalan — ia harus <strong>tidak terlihat</strong>. Berikut adalah teknik-teknik yang paling umum digunakan, dari yang paling sederhana hingga yang paling dalam.</p>