Curuncula is a tool shipped as a loadable kernel module that aims to detect rootkits based on the Intel debugging support facilities. Rootkits that set the GD access flag are also detected. It makes use of the "last branch recording" mechanism provided by the Intel architecture. Support both the 2.4 and 2.6 Linux kernels.
© Computer Network Defence Limited 2023