Old threats sometimes stay relevant for a long time. The longevity of the x86 CPU architecture means that rootkits which lean on its hardware features for stealth can have an equally long shelf life and let attackers evade detection for extended periods. In this article we look at “Subversive” (https://github.com/falk3n/subversive), a Linux rootkit that hooks the operating system kernel using the x86 debug registers: DR0 to DR3 hold the linear addresses of up to four hardware breakpoints and DR7 enables and types them, so a hook placed this way diverts execution through the #DB exception without modifying a single kernel code byte, which is what makes it hard for text-integrity checks to see.
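To make the hooking mechanism concrete, here is a decoder for an x86 debug-register snapshot that flags the pattern a register hook needs (an enabled execute breakpoint on a kernel address) and the DR7.GD trap that a rootkit controlling #DB can use to hide that state. This is an added example, not code from the Subversive repository or from the Forcepoint article; the snapshot values are constructed, the kernel/user split assumes the 48-bit canonical x86-64 layout, and on a real system the registers would have to be read by privileged code (a kernel module or a memory image), since there is no userspace path to them.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Decoded state of one of the four x86 hardware breakpoint slots. */
typedef struct {
    bool     enabled; /* Li (DR7 bit 2i) or Gi (DR7 bit 2i+1) set */
    int      rw;      /* DR7 R/Wi: 0 = execute, 1 = write, 2 = I/O, 3 = read/write */
    int      len;     /* decoded LENi in bytes */
    uint64_t addr;    /* linear address held in DRi */
} hw_bp;

/* DR7 LENi encoding: 00 = 1 byte, 01 = 2, 10 = 8 (64-bit mode only), 11 = 4. */
static const int len_table[4] = {1, 2, 8, 4};

/* Decode breakpoint slot i (0..3) from DR7 plus the DR0..DR3 array. */
hw_bp decode_bp(uint64_t dr7, const uint64_t dr[4], int i)
{
    hw_bp bp;
    bp.enabled = ((dr7 >> (2 * i)) & 0x3) != 0;
    bp.rw      = (int)((dr7 >> (16 + 4 * i)) & 0x3);
    bp.len     = len_table[(dr7 >> (18 + 4 * i)) & 0x3];
    bp.addr    = dr[i];
    return bp;
}

/* DR7.GD (bit 13): any later MOV to/from a debug register raises #DB before it
 * executes, so whoever owns the #DB handler sees the access first. A rootkit
 * that has hooked #DB can use this to hide the very state this decoder reads. */
bool dr7_general_detect(uint64_t dr7)
{
    return ((dr7 >> 13) & 0x1) != 0;
}

/* Kernel half of the canonical x86-64 address space (48-bit layout assumed). */
static bool is_kernel_addr(uint64_t a)
{
    return a >= 0xffff800000000000ULL;
}

/* Enabled execute breakpoints on kernel addresses: the shape a debug-register
 * hook takes, since it diverts control at the hooked instruction via #DB
 * without patching any code bytes. */
int count_kernel_exec_bps(uint64_t dr7, const uint64_t dr[4])
{
    int n = 0;
    for (int i = 0; i < 4; i++) {
        hw_bp bp = decode_bp(dr7, dr, i);
        if (bp.enabled && bp.rw == 0 && is_kernel_addr(bp.addr))
            n++;
    }
    return n;
}

void print_snapshot(uint64_t dr7, const uint64_t dr[4])
{
    static const char *rw_name[4] = {"exec", "write", "io", "rw"};
    for (int i = 0; i < 4; i++) {
        hw_bp bp = decode_bp(dr7, dr, i);
        if (!bp.enabled)
            continue;
        printf("DR%d: %s len=%d addr=0x%016llx%s\n", i, rw_name[bp.rw], bp.len,
               (unsigned long long)bp.addr,
               is_kernel_addr(bp.addr) ? " [kernel]" : "");
    }
    if (dr7_general_detect(dr7))
        printf("DR7.GD set: debug-register accesses are being trapped\n");
}

/* Constructed snapshot (not captured from a real system): slot 0 is a global
 * execute breakpoint on a kernel address (the hook pattern); slot 1 is a local
 * 4-byte write watchpoint on a user address, as a debugger would set. */
static const uint64_t SAMPLE_DR7 = (1ULL << 1)      /* G0 */
                                 | (1ULL << 2)      /* L1 */
                                 | (0x1ULL << 20)   /* R/W1 = write */
                                 | (0x3ULL << 22);  /* LEN1 = 4 bytes */
static const uint64_t SAMPLE_DR[4] = {
    0xffffffff81000000ULL, 0x00007f0000001000ULL, 0, 0
};

int main(void)
{
    print_snapshot(SAMPLE_DR7, SAMPLE_DR);
    int hooks = count_kernel_exec_bps(SAMPLE_DR7, SAMPLE_DR);
    printf("kernel execute breakpoints: %d\n", hooks);
    return hooks ? 1 : 0;
}
```

Treat a non-zero count as a lead rather than a verdict: kgdb and perf_event_open with PERF_TYPE_BREAKPOINT can legitimately place hardware execute breakpoints in kernel space, so correlate with whether such tooling is in use. Also remember that the registers are read by code running on a kernel the rootkit may already control; a set DR7.GD bit, or a #DB handler that no longer points into the kernel's own entry code, is worth checking before trusting the values at all.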
Article Link: https://blogs.forcepoint.com/security-labs/detecting-register-hooking-linux-rootkits-forcepoint-second-look