YoVDO

Listen to Your Engine - Unearthing Security Signals from the Modern Linux Kernel

Offered By: Security BSides San Francisco via YouTube

Tags

Security BSides Courses Linux Kernel Security Courses eBPF Courses ptrace Courses kprobes Courses

Course Description

Overview

Dive into a comprehensive exploration of kernel event analysis and security signal detection in modern Linux systems. Learn how to unearth valuable security insights from the complex machinery of system calls, focusing on indicators of privilege escalation, resource abuse, and side-channel attacks. Explore both traditional and cutting-edge tools for kernel observation, including ptrace, kprobes, tracepoints, and eBPF. Examine real-world attack scenarios such as Shellshock, Apache Struts, and Meltdown, identifying key system call events that serve as exploit indicators. Gain insights into generalizing high-grade signals for future attack detection and understand the challenges in improving system call analysis. Benefit from practical recommendations for implementing system call logging and analysis in your own environments, based on experiences from deployments in global financial institutions.

Syllabus

BSidesSF 2018 - Listen to your Engine (Robby Cochran)


Taught by

Security BSides San Francisco

Related Courses

Analyzing Postgres Performance Problems Using Perf and eBPF
Microsoft via YouTube
Citus Con - An Event for Postgres - Americas Livestream
Microsoft via YouTube
EBPF - The Next Power Tool of SREs
USENIX via YouTube
Kernel Tracing With EBPF
media.ccc.de via YouTube
Building Observability for 99% Developers
Docker via YouTube