tag: Malware

Linux kernel Rust module for rootkit detection

12 Mar, 2025 by Antoine Doglioli
The introduction of Rust into the Linux kernel makes it possible to write kernel drivers in Rust, which we can use to build a kernel-level EDR. This post explores this possibility by designing various checks to detect kernel-level rootkits and implementing them using the kernel’s Rust API. We then discuss the experience of developing in Rust within the Linux kernel.