<ul><li>Researchers created a PoC rootkit named Curing that uses Linux's io_uring feature to evade traditional system call monitoring.</li><li>Curing is a proof-of-concept rootkit that utilizes io_uring for performing tasks without syscalls, making it undetectable by security tools.</li><li>io_uring is a Linux API for asynchronous I/O that bypasses system calls, making syscall-based security tools ineffective.</li><li>Many Linux EDRs are unable to monitor io_uring-based activity, posing a risk to current Linux security solutions.</li></ul>

PoC rootkit Curing evades traditional Linux detection systems

Discover more