Overview
Explore techniques to bypass Falco, a runtime security tool, in this 36-minute conference talk from KubeCon + CloudNativeCon Europe 2021. Delve into the vulnerabilities of Falco's kernel module and eBPF probe, learning how to circumvent its syscall tracing capabilities in Linux kernels. Gain insights from Falco maintainer Leonardo Di Donato on why blind trust in security tools can be dangerous, and participate in a thought-provoking discussion on the importance of critical evaluation in cloud-native security practices.
Syllabus
Bypass Falco - Leonardo Di Donato, Sysdig
Taught by
CNCF [Cloud Native Computing Foundation]