rootkit | Linux rootkit for Ubuntu | Security library

I am sort of new to kernel programming, but i have been struggling a ton with this issue for days now. I have a machine with linux kernel '5.10.0-kali7-amd64' and im using it for development of a linux kernel module for Ubutnu 16.04.4 '4.4.0-119-generic', but i can't figure out any way that i can compile it on my machine for that version and for it to actually work on the 4.4.0 kernel machine.

The closest i've got is this:

1. I downloaded source from https://launchpad.net/ubuntu/xenial/+package/linux-headers-4.4.0-119 and installed with dpkg
2. I then downloaded and installed the 4.4.0-119-generic from https://www.ubuntuupdates.org/package/core/xenial/main/updates/linux-image-4.4.0-119-generic
3. Both of them installed with no issue.
4. I compiled my module by using in my Makefile make -C /lib/modules/4.4.0-119-generic/build M=$(PWD) modules which also worked and compiled my hello world module.

However when uploaded to the 4.4.0 machine the insmod errored saying insmod: ERROR: could not insert module rootkitMy.ko: Invalid module format. The dmesg says: module: rootkit: Unknown rela relocation: 4 I then compiled my source code on the 4.4.0 machine and created a module with literally the exact same modinfo, but that one did work. here are the modinfos for both:

Can someone help me with terminal / ssh command to recursively go through folder structures and either delete .htaccess files with permission of 0444 and/or if possible to match the first line in the file for a safety measure.

Had a few accounts compromised on a server, which cleared up the malware / rootkits but noticed it added .htaccess files inside every folder with the following content:

TLDR: Number pad every number occurrence delimited by a .
Example 11.2.7 to 11.02.07

Note: not incremental - I wish to preserve existing numbers as they reference chapters

I'm trying to process a dataset with network attacks that has the following shape:

The below simple script is used to check a valid passphrase in gpg-agent cache. When a passphrase is valid, it will just print OK but if a passphrase invalid then it prints a Warning message.

Trying to group 23 different labels in second last column of "KDDTest+.csv" into four groups. Please note, I have deleted the last column of the csv prior to doing this.

I have read the .csv file using

I am trying to debug a rootkit in a virtual environment. From reversing I know that it uses super simple CPU timing checks, that look something like this (source pafish):

I have a Vmware guest and i want to create a raw disk image of it so i can do further forensics on it, the reason I don't want to create the image in a live matter from inside the VM is that there might be some kernel rootkits there and so it might change the real output

so what is the best approach here to create a disk image of a Vmware guest? i know its possible using virtual box, but what about Vmware?

When I run the docker script in interactive mode it works. I can see the logs in the console and also in AWS CloudWatch Logs. The below docker script runs in interactive mode and I have added the awslogs configuration so the logs go into cloudwatch. docker awslogs configuration