Changed the repository (and the rootkit!) name to TripleCross: https://dictionary.cambridge.org/dictionary/english/double-cross. This is 'triple' because it is a BPF program that betrays you at the userspace, at the kernel, and at the network.

This commit is contained in:
h3xduck
2022-06-15 20:33:07 -04:00
parent 75e92445e5
commit 80f334636a
4 changed files with 7 additions and 5 deletions

View File

@@ -1,4 +1,4 @@
# TFG # TripleCross
## Build and run ## Build and run
```bash ```bash
cd src cd src
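Review bot: only the H1 title is renamed in this hunk; the same commit leaves the printed repository link as https://github.com/h3xduck/TFG in the client banner, so if the README also carries the old TFG name or that URL further down, it should be updated in the same rename rather than left half-renamed.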

View File

@@ -1067,9 +1067,11 @@ The rootkit client is compiled to a single executable named \textit{injector}. T
\label{fig:client_help} \label{fig:client_help}
\end{figure} \end{figure}
As we can observe in the figure, the rootkit client enables to execute the C2 actions we have described in section \ref{subsection:c2}. Upon running any of these options, the client will first request the network interface to use. This enables the attacker to choose the specific network to which it can connect to the infected machine. After choosing an interface, the rootkit client crafts the respective backdoor trigger and sends it to the infected machine (we have also included an additional non-C2 PoC showing how the rootkit modifies incoming packets). Every option requires to specify the infected machine location by indicating its IP address. As we can observe in the figure, the rootkit client enables to execute the C2 actions we have described in section \ref{subsection:c2}. Upon running any of these options, the client will first request the network interface to use. This enables the attacker to choose the specific network to which it can connect to the infected machine.
After sending a backdoor trigger, the client will enter a listening state, waiting for the backdoor response. Once a response is received confirmating that the remote machine is up and with the rootkit running, the client proceeds to show the user a shell prompt where it can enter commands. After choosing an interface, the rootkit client crafts the respective backdoor trigger and sends it to the infected machine (we have also included an additional non-C2 PoC showing how the rootkit modifies incoming packets). Every option requires to specify the infected machine location by indicating its IP address.
After sending a backdoor trigger, the client will enter a listening state, waiting for the backdoor response. Once a response is received confirmating that the remote machine is up and the rootkit is installed, the client proceeds to show the user a shell prompt where it can enter commands. This shell prompt
The rootkit client needs to be executed as root, since the library RawTCP\_Lib it uses requires privileges for some of its functionalities. The rootkit client needs to be executed as root, since the library RawTCP\_Lib it uses requires privileges for some of its functionalities.
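Review bot: the added text in the new version of this paragraph ends on the fragment "This shell prompt" with nothing after it, so the thesis will render mid-sentence; either finish the sentence (what the prompt does, e.g. how commands are sent and answered) or drop the fragment. While touching this paragraph: "confirmating" should be "confirming", "enables to execute" reads better as "allows executing", and "requires to specify" as "requires specifying". Splitting the paragraph at "After choosing an interface" is fine and matches the 9-to-11 line change in the hunk header.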

View File

@@ -29,7 +29,7 @@
void print_welcome_message(){ void print_welcome_message(){
printf("*******************************************************\n"); printf("*******************************************************\n");
printf("************************* TFG *************************\n"); printf("********************* TripleCross *********************\n");
printf("*******************************************************\n"); printf("*******************************************************\n");
printf("************ https://github.com/h3xduck/TFG ***********\n"); printf("************ https://github.com/h3xduck/TFG ***********\n");
printf("*******************************************************\n"); printf("*******************************************************\n");
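Review bot: the banner now prints TripleCross, but the line right below it still prints `************ https://github.com/h3xduck/TFG ***********`, so the client advertises the old repository name; if the repository was renamed as the commit message states, update the URL here as well (GitHub redirects renamed repositories, but the printed link should still match the new name, and the padding asterisks will need recounting to keep the line width).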

View File

@@ -39,7 +39,7 @@ quiet(){
#Start of script #Start of script
echo "*******************************************************\n" echo "*******************************************************\n"
echo "************************* TFG *************************\n" echo "********************* TripleCross *********************\n"
echo "*******************************************************\n" echo "*******************************************************\n"
echo "***************** Marcos Sánchez Bajo *****************\n" echo "***************** Marcos Sánchez Bajo *****************\n"
echo "*******************************************************\n" echo "*******************************************************\n"
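Review bot: these banner lines depend on `echo` interpreting "\n", which is shell-dependent: dash's `echo` expands it, while bash's builtin prints a literal backslash-n unless `-e` (or `xpg_echo`) is set, so the banner will show "\n" or extra blank lines depending on which interpreter runs the script. Since the line is being edited anyway, `printf '%s\n' "********************* TripleCross *********************"` behaves the same everywhere; the same applies to the other echo lines in this block.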