An object file that contains code to extend the running kernel of an OS, typically used to add support for new hardware (as device drivers) and/or filesystems, or for adding system calls
| Domain | ID | Name | Detects |
|---|---|---|---|
| Enterprise | T1547 | Boot or Logon Autostart Execution | Monitor for unusual kernel driver installation activity that may configure system settings to automatically execute a program during system boot or logon to maintain persistence or gain higher-level privileges on compromised systems. |
| | .006 | Kernel Modules and Extensions | LKMs are typically loaded into |