| Command | What it does | When to use |
|---|---|---|
| `lsmod` | Loaded kernel modules | Check for rootkits / drivers |
| `mod` | Detailed module info | Investigate suspicious module |
| `sym <symbol>` | Resolve symbol → address | Navigate kernel |
| `dis <addr>` | Disassemble code | Low-level crash analysis |
BLUE TEAM / MALWARE REVERSE / LINUX / CRASH