Ksec (Kernel Security Checker) is a tool for FreeBSD and OpenBSD which can find an attacker by direct analysis of the kernel via /dev/mem, bypassing the hiding techniques of the intruder (kernel static recompilation/use of LKMs). KSec can find the modified syscalls from userspace, detect the promisc interfaces, find the modifications applied to a protocol and much more.
1a4530115327bcbd02ef7104acaefc72ddfea1d0db0e12252f7b0ee3fdfa0a1f