Linux Foundation

Implementing Container Privilege Escalation Detection Using eBPF for Cloud Native Security

Linux Foundation via YouTube

Overview

This conference talk covers detecting container privilege escalation with eBPF for cloud native security. eBPF is a built-in kernel capability, so privilege escalation in container environments can be addressed without modifying kernel code or inserting kernel modules. The talk presents implementation results from several eBPF-based tools, including open-source options, bpftrace, BCC, and BPF CO-RE, and shows how open-source monitoring tools can be extended with privilege escalation detection for Kubernetes environments.

Topics include container escape scenarios, privilege escalation techniques, defense mechanisms, and monitoring container privilege changes, using eBPF tools such as Tracee and bpftrace and practical monitoring solutions such as Pixie. The material is aimed at developers and administrators who want better security visibility on Linux systems and stronger container defense in real-world settings.

Syllabus

Introduction
Container Escape!
Privilege Escalation
Defense Mechanisms
Monitoring Container Privilege Changes
eBPF Tools: tracee
bpftrace
Practical Monitoring: Pixie

Taught by

Linux Foundation
