Linux Kernel Exploitation & Rootkits (LKXR)

Instructed by T. Roy

The goal of this course is to provide a good understanding of offensive and defensive software development in the Linux kernel and the knowledge to detect malicious activity in the kernel and defend against it. LKXR focuses on the skills of developing and detecting techniques used by Linux kernel mode rootkits at every stage of their execution. Students learn how to exploit kernel vulnerabilities, use and abuse kernel subsystems and programming interfaces to implement various stages of rootkits, and identify rootkits artifacts in modern 64-bit Linux systems. Students also learn about the security functionality and mitigations available in the latest Linux 5.x kernel.

Classes are limited. Get registered!

Learning Objectives

  • Identify kernel components and programming interfaces used to compromise a system.
  • Develop shellcode that executes in the kernel.
  • Develop linux kernel modules that provide offensive security functionality.
  • Implement key components of a kernel rootkit.
  • Recognize security related enhancements in the modern Linux kernel.
  • Analyze a Linux system to identify malicious activity.
  • Configure a Linux system to improve the system's security posture.

Students’ Knowledge Pre-Requisites:

  • Proficient in C programming language.
  • Knowledgeable of C programming constructors such as pointers, structures, arrays and linked lists. Comfortable with Linux command line tools.
  • Familiar with Linux development tools such as gcc and make and gdb commands.
  • Knowledge of operating system concepts such as process, thread, virtual memory, heaps, stacks, files, system calls, daemons etc.
  • Knowledge of operating system concepts such as process, thread, virtual memory, heaps, stacks, files, system calls, daemons etc.
  • Knowledge of Linux kernel internals, kernel module development and debugging.



Live-Online & In-Person


Private Basis (Live-Online)


5 days


Anti-malware engineers, malware analysts, forensics examiners, security researchers who are responsible for detecting, analyzing, and defending against rootkits and other kernel post exploitation techniques.

  • Standard Rate

Why choose the Center for Cyber Security Training

Interactive, classroom-based learning

Subject matter experts

Trusted by US government agencies


T.Roy, an author, instructor, and consultant, is the founder of CodeMachine. He has more than 20 years of experience in information security has been involved with Windows internals, development, debugging and security, since the inception of Windows NT in 1992. He has been involved in the development of some of the leading endpoint security solutions such as intrusion prevention, network firewalls, behavioral anti-malware, document security and data leak prevention systems. He has taught all over the world and has received many instructor recognition awards.

I really enjoyed the course! It was interesting to see a different perspective on penetration testing and ways of progressing from recon to initial access to escalating privilege and lateral movement.

- Robert L., Washington, DC

Want more information?

Download the Linux Kernel Exploitation & Rootkits (LKXR) course outline now.

Upcoming Training Sessions

Private Basis (Live-Online)

Classes are limited.

Enroll Now.

Related Courses

Our classroom delivers the most in-demand content from the highest profile subject matter experts. Intense and interactive, our courses prepare students with actionable insight and proven strategies.

windows internal architecture

Windows Internal Architecture

Whether you analyze malware, perform security research, conduct forensic investigations, engage in adversary simulation or prevent it, or build security solutions for Windows, understanding how Windows works internally is critical to be effective at your task.


Exploit Development Bootcamp & Advanced

Our three-day Bootcamp will teach both basic & advanced techniques from a leading exploit developer. In our Advanced course, experienced students will learn how to write exploits that bypass modern memory protections for the Win32 platform in a fast-paced, interactive learning environment.

Looking for a course that's not here? We'd love to hear your suggestions!

Are you fully prepared to deal with today's increasing cyber security risks? We can help you get the training you need.


*We respect your privacy