Pulse of Truth

2346 readers

35 users here now

Cyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and wont be edited (except for the occasional encoding errors).

This community is automagically fed by an instance of Dittybopper.

founded 2 years ago

MODERATORS

krogoth

Breaking eBPF Security: How Kernel Rootkits Blind Observability Tools (matheuzsecurity.github.io)

submitted 1 month ago by lemmydev2 to c/pulse_of_truth

0 comments fedilink hide all child comments

eBPF programs cannot protect themselves from kernel-level manipulation eBPF verifier only ensures memory safety, not security guarantees All eBPF data flow mechanisms (iterators, ringbuffers, maps) are implemented as kernel functions Kernel functions can be hooked via ftrace The moment an attacker has kernel-level access, observability becomes optional.

no comments (yet)

sorted by: hot top controversial new old

there doesn't seem to be anything here