Linux Rootkit Competition 

tmp.0ut #5

We're having a Linux Rootkit Competition for tmp.0ut #5! This time it will be
for rootkits targeting kernel 6.18 LTS and easylkb will be used for dynamic
analysis by our amazing judges, Peter Ferrie, Travis Goodspeed, and Matheuz.

Some of the core structs are extended in different minor versions, so we decided
to target this one specifically, leaving the possibility for future competitions
on different versions (or maybe even "how many versions can your rootkit work
on?")

While this is structured as a competition, the primary goal is a showcase of
techniques and approaches for Linux rootkit technologies. We're interested in
seeing how problems are approached just as much as what the final product does.

Submissions
  ~ Entries should include any required compilation instructions, dependencies, or
    configuration notes.
  ~ Dynamic testing will be performed in containerized environments with easylkb.
  ~ Rootkits may target userland, kernel space, or use hybrid approaches.

Evaluation Criteria
Each submission will be scored from 1–5 in the following categories:

  ~ Stealth / Detection Evasion
  ~ Persistence
  ~ Complexity
  ~ Obfuscation
  ~ Novelty / Ingenuity

Showcase First
Although a grading system exists, this is not a winner-takes-all event. Many (or
all, depending on the number of submissions) will be described, with an emphasis
on highlighting different design philosophies, tradeoffs, and techniques used.

The intent is to create a snapshot of Linux rootkit technologies and
methodologies, past and present—educational, comparative, and exploratory in
nature. Let's go!

  ~ Email your paper to stdin@tmpout.sh
  ~ Be sure to include [CFP 5] in your email subject.
  ~ Please submit your paper by no later than May 31st 2026.

If you have any questions regarding submissions, contact us through X (@tmpout),
Discord, Mastodon, or via the email address mentioned above.