Explore the power of BPF (Berkeley Packet Filter) for detection and blocking through YAML configuration in this 47-minute conference talk from 44CON Information Security Conference. Learn how to leverage OSS Tetragon, a mature open-source BPF engine, to monitor and block actions without writing any BPF code. Discover techniques for hooking kernel functions, blocking actions, and killing processes using simple YAML configurations. Gain insights into sending events to logs, email, SMS, and Slack channels for comprehensive monitoring. Presented by Kev Sheldrake, a seasoned security software developer and researcher, this talk offers practical knowledge for implementing advanced security measures using BPF and YAML.
Overview
Syllabus
Kev Sheldrake - Detection and Blocking with BPF via YAML
Taught by
44CON Information Security Conference