Implementing Container Privilege Escalation Detection Using eBPF for Cloud Native Security
Offered By: Linux Foundation via YouTube
Course Description
Overview
Explore container privilege escalation detection using eBPF for cloud native security in this informative conference talk. Learn how to leverage eBPF, a built-in kernel capability, to address privilege escalation issues in container environments without modifying kernel code or inserting kernel modules. Discover implementation results using various eBPF-based tools, including open-source options, bpftrace, BCC, and BPF CO-RE. Gain insights into practical applications for Kubernetes environments by enhancing open-source monitoring tools with privilege escalation detection capabilities. Understand container escape scenarios, privilege escalation techniques, and defense mechanisms. Delve into monitoring container privilege changes and explore eBPF tools like tracee and bpftrace. Examine practical monitoring solutions such as Pixie. Acquire valuable knowledge on utilizing eBPF for container security in real-world settings, beneficial for developers and administrators seeking to enhance Linux system security visibility and container defense.
Syllabus
Introduction
Container Escape!
Privilege Escalation
Defense Mechanisms
Monitoring Container Privilege Changes
eBPF Tools: tracee
bpftrace
Practical Monitoring: Pixie
Taught by
Linux Foundation
Related Courses
Building on Microsoft Sentinel Platform (Microsoft via YouTube)
Securing Applications and Infrastructure on Kubernetes with Sysdig (Mirantis via YouTube)
Container Escape in 2021 (Hack In The Box Security Conference via YouTube)
Running at Light Speed - Cloud Native Security Patterns (LASCON via YouTube)
Controlled Mayhem With Cloud Native Security Pipelines (OWASP Foundation via YouTube)