<style>/*<link href='https://www.blogger.com/dyn-css/authorization.css?targetBlogID=5925999397593177003&zx=25055b38-0c09-40a1-817d-62a2b4db3d98' media='none' onload='if(media!='all')media='all'' rel='stylesheet'/><noscript><link href='https://www.blogger.com/dyn-css/authorization.css?targetBlogID=5925999397593177003&zx=25055b38-0c09-40a1-817d-62a2b4db3d98' rel='stylesheet'/></noscript>
<meta name='google-adsense-platform-account' content='ca-host-pub-1556223355139109'/>
<meta name='google-adsense-platform-domain' content='blogspot.com'/>

<script async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2460228594947362&host=ca-host-pub-1556223355139109" crossorigin="anonymous"></script>

<!-- data-ad-client=ca-pub-2460228594947362 -->

</head><body>*/</style>

T1547.006 Kernel Modules and Extensions in MITRE ATT&CK Explained

Sp123

26 Mar, 2026

Introduction to Malware Binary Triage (IMBT) Course

Looking to level up your skills? Get 10% off using coupon code: MWNEWS10 for any flavor.

Enroll Now and Save 10%: Coupon Code MWNEWS10

Note: Affiliate link – your enrollment helps support this platform at no extra cost to you.

What Is T1547.006 Kernel Modules and Extensions in MITRE ATT&CK?

T1547.006 Kernel Modules and Extensions is a technique in the MITRE ATT&CK framework under the Persistence tactic. It refers to the use of kernel modules in Linux (Loadable Kernel Modules, or LKMs) and kernel extensions in macOS (kexts) to extend the core functionality of the system’s kernel without requiring a reboot.

Article Link: T1547.006 Kernel Modules and Extensions in MITRE ATT&CK Explained

1 post - 1 participant

Read full topic

Malware Analysis, News and Indicators - Latest topics

Sp123

"An underestimated security threat to organizations is employee apathy and burn out.‌‌"

<style>/*
<script type="text/javascript" src="https://www.blogger.com/static/v1/widgets/2470821300-widgets.js"></script>
<script type='text/javascript'>
window['__wavt'] = 'AOuZoY7sNi1YnYl_g5L3O0AL1DN1hQoMHg:1774515445652';_WidgetManager._Init('//www.blogger.com/rearrange?blogID\x3d5925999397593177003','//www.sharitsec.eu.org/2026/03/t1547006-kernel-modules-and-extensions.html','5925999397593177003');
_WidgetManager._SetDataContext([{'name': 'blog', 'data': {'blogId': '5925999397593177003', 'title': 'SharITSec', 'url': 'https://www.sharitsec.eu.org/2026/03/t1547006-kernel-modules-and-extensions.html', 'canonicalUrl': 'https://www.sharitsec.eu.org/2026/03/t1547006-kernel-modules-and-extensions.html', 'homepageUrl': 'https://www.sharitsec.eu.org/', 'searchUrl': 'https://www.sharitsec.eu.org/search', 'canonicalHomepageUrl': 'https://www.sharitsec.eu.org/', 'blogspotFaviconUrl': 'https://www.sharitsec.eu.org/favicon.ico', 'bloggerUrl': 'https://www.blogger.com', 'hasCustomDomain': true, 'httpsEnabled': true, 'enabledCommentProfileImages': true, 'gPlusViewType': 'FILTERED_POSTMOD', 'adultContent': false, 'analyticsAccountNumber': '', 'encoding': 'UTF-8', 'locale': 'en-GB', 'localeUnderscoreDelimited': 'en_gb', 'languageDirection': 'ltr', 'isPrivate': false, 'isMobile': false, 'isMobileRequest': false, 'mobileClass': '', 'isPrivateBlog': false, 'isDynamicViewsAvailable': true, 'feedLinks': '\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22SharITSec - Atom\x22 href\x3d\x22https://www.sharitsec.eu.org/feeds/posts/default\x22 /\x3e\n\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/rss+xml\x22 title\x3d\x22SharITSec - RSS\x22 href\x3d\x22https://www.sharitsec.eu.org/feeds/posts/default?alt\x3drss\x22 /\x3e\n\x3clink rel\x3d\x22service.post\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22SharITSec - Atom\x22 href\x3d\x22https://www.blogger.com/feeds/5925999397593177003/posts/default\x22 /\x3e\n\n\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22SharITSec - Atom\x22 href\x3d\x22https://www.sharitsec.eu.org/feeds/4462384000363107103/comments/default\x22 /\x3e\n', 'meTag': '', 'adsenseClientId': 'ca-pub-2460228594947362', 'adsenseHostId': 'ca-host-pub-1556223355139109', 'adsenseHasAds': true, 'adsenseAutoAds': true, 'boqCommentIframeForm': true, 'loginRedirectParam': '', 'view': '', 'dynamicViewsCommentsSrc': '//www.blogblog.com/dynamicviews/4224c15c4e7c9321/js/comments.js', 'dynamicViewsScriptSrc': '//www.blogblog.com/dynamicviews/6f42cc7ccba46eb2', 'plusOneApiSrc': 'https://apis.google.com/js/platform.js', 'disableGComments': true, 'interstitialAccepted': false, 'sharing': {'platforms': [{'name': 'Get link', 'key': 'link', 'shareMessage': 'Get link', 'target': ''}, {'name': 'Facebook', 'key': 'facebook', 'shareMessage': 'Share to Facebook', 'target': 'facebook'}, {'name': 'BlogThis!', 'key': 'blogThis', 'shareMessage': 'BlogThis!', 'target': 'blog'}, {'name': 'X', 'key': 'twitter', 'shareMessage': 'Share to X', 'target': 'twitter'}, {'name': 'Pinterest', 'key': 'pinterest', 'shareMessage': 'Share to Pinterest', 'target': 'pinterest'}, {'name': 'Email', 'key': 'email', 'shareMessage': 'Email', 'target': 'email'}], 'disableGooglePlus': true, 'googlePlusShareButtonWidth': 0, 'googlePlusBootstrap': '\x3cscript type\x3d\x22text/javascript\x22\x3ewindow.___gcfg \x3d {\x27lang\x27: \x27en_GB\x27};\x3c/script\x3e'}, 'hasCustomJumpLinkMessage': false, 'jumpLinkMessage': 'Read more', 'pageType': 'item', 'postId': '4462384000363107103', 'postImageUrl': 'https://www.picussecurity.com/hubfs/RedReport2026/RR26%20Subtechnique%20Blog%20Previews/RR26-Blog-Previews-7-Boot%20or%20Logon%20Autostart%20Execution/RR26-Blog-Previews-7.6.png', 'pageName': 'T1547.006 Kernel Modules and Extensions in MITRE ATT\x26CK Explained', 'pageTitle': 'SharITSec: T1547.006 Kernel Modules and Extensions in MITRE ATT\x26CK Explained', 'metaDescription': ''}}, {'name': 'features', 'data': {}}, {'name': 'messages', 'data': {'edit': 'Edit', 'linkCopiedToClipboard': 'Link copied to clipboard', 'ok': 'Ok', 'postLink': 'Post link'}}, {'name': 'template', 'data': {'name': 'custom', 'localizedName': 'Custom', 'isResponsive': true, 'isAlternateRendering': false, 'isCustom': true}}, {'name': 'view', 'data': {'classic': {'name': 'classic', 'url': '?view\x3dclassic'}, 'flipcard': {'name': 'flipcard', 'url': '?view\x3dflipcard'}, 'magazine': {'name': 'magazine', 'url': '?view\x3dmagazine'}, 'mosaic': {'name': 'mosaic', 'url': '?view\x3dmosaic'}, 'sidebar': {'name': 'sidebar', 'url': '?view\x3dsidebar'}, 'snapshot': {'name': 'snapshot', 'url': '?view\x3dsnapshot'}, 'timeslide': {'name': 'timeslide', 'url': '?view\x3dtimeslide'}, 'isMobile': false, 'title': 'T1547.006 Kernel Modules and Extensions in MITRE ATT\x26CK Explained', 'description': 'Welcome to the website \x22sharitsec.eu.org\x22 a gathering place for information and learning news about hacking.', 'featuredImage': 'https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_twfLCchiD5bNDOjbpXvcHqWxVF2a3rqab99JxKLbdLFRsHGbOLpILZUfi3NE8bTkUh0yk4t7ZmGK-k-aWn5eLzbEmWyVGWQcktObaGCnhZCmHrru6n7swPIfJxSNzXX9yPEIsGX47xcgrh1Q9w2eWGHAHY9LgpohmVOjKJxg-INLSN0iqGiY-TD-5flpfSudQenrcsvAqDiRdYc2WoQaNk-rM245WIlDBra-cxFr8MmT2uxpPM3a8mqPxOhlWYFEjnTQON1tAOFl0dk9H8rDBGWiJ0qxI', 'url': 'https://www.sharitsec.eu.org/2026/03/t1547006-kernel-modules-and-extensions.html', 'type': 'item', 'isSingleItem': true, 'isMultipleItems': false, 'isError': false, 'isPage': false, 'isPost': true, 'isHomepage': false, 'isArchive': false, 'isLabelSearch': false, 'postId': 4462384000363107103}}, {'name': 'widgets', 'data': [{'title': 'Pagination', 'type': 'HTML', 'sectionId': 'upload-image', 'id': 'HTML8'}, {'title': 'Template License', 'type': 'HTML', 'sectionId': 'upload-image', 'id': 'HTML7'}, {'title': 'Popular', 'type': 'PopularPosts', 'sectionId': 'upload-image', 'id': 'PopularPosts1', 'posts': [{'title': 'Actively Exploited Microsoft SharePoint Deserialization of Untrusted Data Vulnerability', 'id': 7336405913127590235}, {'title': 'Libraries for Red Teaming Your GenAI Applications', 'id': 2704897469970914799}, {'title': 'NIS2 readiness: Ensure compliance with the EU Cybersecurity Directive', 'id': 5308863899709746094}]}, {'title': 'Your Css', 'type': 'HTML', 'sectionId': 'upload-image', 'id': 'HTML9'}, {'title': 'About Me', 'type': 'Profile', 'sectionId': 'upload-image', 'id': 'Profile1'}, {'title': 'Your Javascript', 'type': 'HTML', 'sectionId': 'upload-image', 'id': 'HTML6'}, {'title': 'Google analytics', 'type': 'HTML', 'sectionId': 'upload-image', 'id': 'HTML5'}, {'title': 'Navbar Menu', 'type': 'HTML', 'sectionId': 'upload-image', 'id': 'HTML2'}, {'title': 'Icons, Dark, Search', 'type': 'LinkList', 'sectionId': 'header-main', 'id': 'LinkList10'}, {'title': 'Menu', 'type': 'LinkList', 'sectionId': 'header-main', 'id': 'LinkList11'}, {'title': 'Featured Post', 'type': 'FeaturedPost', 'sectionId': 'before-blog', 'id': 'FeaturedPost1', 'postId': '5636497768624363572'}, {'title': 'Blog Posts', 'type': 'Blog', 'sectionId': 'blog-post', 'id': 'Blog1', 'posts': [{'id': '4462384000363107103', 'title': 'T1547.006 Kernel Modules and Extensions in MITRE ATT\x26CK Explained', 'featuredImage': 'https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_twfLCchiD5bNDOjbpXvcHqWxVF2a3rqab99JxKLbdLFRsHGbOLpILZUfi3NE8bTkUh0yk4t7ZmGK-k-aWn5eLzbEmWyVGWQcktObaGCnhZCmHrru6n7swPIfJxSNzXX9yPEIsGX47xcgrh1Q9w2eWGHAHY9LgpohmVOjKJxg-INLSN0iqGiY-TD-5flpfSudQenrcsvAqDiRdYc2WoQaNk-rM245WIlDBra-cxFr8MmT2uxpPM3a8mqPxOhlWYFEjnTQON1tAOFl0dk9H8rDBGWiJ0qxI', 'showInlineAds': false}], 'headerByline': {'regionName': 'header1', 'items': [{'name': 'author', 'label': 'Posted by'}, {'name': 'timestamp', 'label': 'd MMM, yyyy'}, {'name': 'share', 'label': ''}]}, 'footerBylines': [{'regionName': 'footer2', 'items': [{'name': 'labels', 'label': 'Labels:'}]}], 'allBylineItems': [{'name': 'author', 'label': 'Posted by'}, {'name': 'timestamp', 'label': 'd MMM, yyyy'}, {'name': 'share', 'label': ''}, {'name': 'labels', 'label': 'Labels:'}]}, {'title': '#You may also like', 'type': 'HTML', 'sectionId': 'ads-post', 'id': 'HTML15'}, {'title': '', 'type': 'HTML', 'sectionId': 'sidebar-static', 'id': 'HTML25'}, {'title': 'Popular Posts', 'type': 'PopularPosts', 'sectionId': 'sidebar-static', 'id': 'PopularPosts10', 'posts': [{'title': 'Actively Exploited Microsoft SharePoint Deserialization of Untrusted Data Vulnerability', 'id': 7336405913127590235}, {'title': 'Libraries for Red Teaming Your GenAI Applications', 'id': 2704897469970914799}, {'title': 'NIS2 readiness: Ensure compliance with the EU Cybersecurity Directive', 'id': 5308863899709746094}, {'title': 'Perseus: DTO malware that takes notes', 'id': 4307222844789455355}, {'title': 'FBI offers thousands of free LockBit decryption keys', 'id': 7706667196158478485}, {'title': 'GSocket Backdoor Delivered Through Bash Script, (Fri, Mar 20th)', 'id': 8660191116330769519}, {'title': 'T1547.001 Registry Run Keys/Start Up Folder in MITRE ATT\x26CK Explained', 'id': 4696355715716272292}, {'title': 'Lazarus, AI, and Trust Abuse: Top Enterprise Cybersecurity Risks 2026', 'id': 4527878217526196165}, {'title': 'This is all it takes to stop a train (Lock and Code S07E06)', 'id': 4938007324918038601}, {'title': 'Canada-Based Organization Health Shared Services Accelerates SOC Investigations with ANY.RUN', 'id': 6893208758420606013}]}, {'title': 'Archive', 'type': 'BlogArchive', 'sectionId': 'sidebar-static', 'id': 'BlogArchive10'}, {'title': '#Recent Post', 'type': 'HTML', 'sectionId': 'sidebar-static', 'id': 'HTML19'}, {'title': 'Copyright', 'type': 'HTML', 'sectionId': 'copyright', 'id': 'HTML23'}, {'title': 'SVG Icons', 'type': 'HTML', 'sectionId': 'jet-options', 'id': 'HTML24'}]}]);
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML8', 'upload-image', document.getElementById('HTML8'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML7', 'upload-image', document.getElementById('HTML7'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_PopularPostsView', new _WidgetInfo('PopularPosts1', 'upload-image', document.getElementById('PopularPosts1'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML9', 'upload-image', document.getElementById('HTML9'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_ProfileView', new _WidgetInfo('Profile1', 'upload-image', document.getElementById('Profile1'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML6', 'upload-image', document.getElementById('HTML6'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML5', 'upload-image', document.getElementById('HTML5'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML2', 'upload-image', document.getElementById('HTML2'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_LinkListView', new _WidgetInfo('LinkList10', 'header-main', document.getElementById('LinkList10'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_LinkListView', new _WidgetInfo('LinkList11', 'header-main', document.getElementById('LinkList11'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_FeaturedPostView', new _WidgetInfo('FeaturedPost1', 'before-blog', document.getElementById('FeaturedPost1'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_BlogView', new _WidgetInfo('Blog1', 'blog-post', document.getElementById('Blog1'), {'cmtInteractionsEnabled': false, 'lightboxEnabled': true, 'lightboxModuleUrl': 'https://www.blogger.com/static/v1/jsbin/671862423-lbx__en_gb.js', 'lightboxCssUrl': 'https://www.blogger.com/static/v1/v-css/828616780-lightbox_bundle.css'}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML15', 'ads-post', document.getElementById('HTML15'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML25', 'sidebar-static', document.getElementById('HTML25'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_PopularPostsView', new _WidgetInfo('PopularPosts10', 'sidebar-static', document.getElementById('PopularPosts10'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_BlogArchiveView', new _WidgetInfo('BlogArchive10', 'sidebar-static', document.getElementById('BlogArchive10'), {'languageDirection': 'ltr', 'loadingMessage': 'Loading\x26hellip;'}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML19', 'sidebar-static', document.getElementById('HTML19'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML23', 'copyright', document.getElementById('HTML23'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML24', 'jet-options', document.getElementById('HTML24'), {}, 'displayModeFull'));
</script>
</body>*/</style>