DS0008 Kernel
A computer program, at the core of a computer OS, that resides in memory and facilitates interactions between hardware and software components12
| Item | Value |
|---|---|
| ID | DS0008 |
| Platforms | Linux, macOS |
| Collection Layers | Host |
| Version | 1.0 |
| Created | 20 October 2021 |
| Last Modified | 10 November 2021 |
Data Components
Kernel Module Load
An object file that contains code to extend the running kernel of an OS, typically used to add support for new hardware (as device drivers) and/or filesystems, or for adding system calls
| Domain | ID | Name |
|---|---|---|
| enterprise | T1547 | Boot or Logon Autostart Execution |
| enterprise | T1547.006 | Kernel Modules and Extensions |
| enterprise | T1611 | Escape to Host |
References
-
Unified Compliance Framework. (2016, December 20). The audit system must be configured to audit the loading and unloading of dynamic kernel modules.. Retrieved September 28, 2021. ↩
-
Kerrisk, M. (2021, March 22). INIT_MODULE(2). Retrieved September 28, 2021. ↩
-
Wikipedia. (2018, March 17). Loadable kernel module. Retrieved April 9, 2018. ↩