detecting-rootkit-activity

Installation
SKILL.md

Detecting Rootkit Activity

When to Use

  • System shows signs of compromise but standard tools (Task Manager, netstat) show nothing abnormal
  • Antivirus/EDR detects rootkit signatures but cannot identify the specific hiding mechanism
  • Memory forensics reveals discrepancies between kernel data structures and user-mode tool output
  • Investigating a persistent threat that survives remediation attempts and system reboots
  • Validating system integrity after a suspected kernel-level compromise

Do not use as a first-line detection method; start with standard malware triage and escalate to rootkit analysis when hiding behavior is suspected.

Prerequisites

Installs
41
GitHub Stars
24.8K
First Seen
Mar 18, 2026
detecting-rootkit-activity — mukul975/anthropic-cybersecurity-skills