eBPF Warfare - Detecting Kernel & eBPF Rootkits with Tracee

Conference: RSA Conference 2023

2023-04-24

Authors: Asaf Eitani, Idan Revivo


Abstract

eBPF is uncharted territory in terms of malicious activity detection. As threats continue to emerge, it’s time to get proactive. Attendees will learn about the different types of rootkits, their attack flow, how they operate and how to detect them. Lastly, they will learn how to use Tracee, an open-source tool harnessing eBPF to detect those threats and gain an advantage on the attackers.
