Finding the Needles in a Haystack - Identifying Suspicious Behaviors with eBPF


CNCF [Cloud Native Computing Foundation] via YouTube

Rich Container and Process Context (15 of 22)


Classroom Contents


  1. Intro
  2. The challenges
  3. Different approaches
  4. Introducing Extended Berkeley Packet Filter (eBPF)
  5. How it works
  6. Linux kernel diagram
  7. How GD is using eBPF
  8. Getting started with eBPF
  9. eBPF Advantages & Disadvantages
  10. Common eBPF use cases
  11. eBPF @ Amazon
  12. Why eBPF for GuardDuty
  13. System Call Tracing with eBPF
  14. System Call Tracing - Avoiding Race Conditions
  15. Rich Container and Process Context
  16. Collected Metadata Kernel and Userspace
  17. Monitored Events
  18. On-Host Versus Backend Processing
  19. Example Scenario Command Injection Exploitation
  20. Example Scenario Detections
  21. Actionable Detections
  22. Summary
