Kernel Security Checker is a useful tool to locate
attackers residing within a system by employing a
direct analysis of the kernel through /dev/kmem and
bypassing the hiding techniques of the intruder (kernel
static recompilation or use of LKMs). It can find the
modified syscalls from userspace, detect the
promiscuous interfaces, and find the modifications
applied to a protocol.