appsec

343 readers

1 users here now

A community for all things related to application security.

founded 2 years ago

MODERATORS

laszlok@infosec.pub

Pitfalls of relying on eBPF for security monitoring (and some solutions) (blog.trailofbits.com)

submitted 1 year ago by fuckReddit@infosec.pub to c/appsec@infosec.pub

0 comments fedilink hide all child comments

By Artem Dinaburg eBPF (extended Berkeley Packet Filter) has emerged as the de facto Linux standard for security monitoring and endpoint observability. It is used by technologies such as BPFTrace, Cilium, Pixie, Sysdig, and Falco due to its low overhead and its versatility. There is, however, a dark (but open) secret: eBPF was never intended…

no comments (yet)

sorted by: hot top controversial new old

there doesn't seem to be anything here